Information Security at Jahia
Jahia follows a holistic and collaborative approach to guarantee the confidentiality, availability and integrity of your data. We always consider the big picture when working on the security aspects of our products.
Information security management system
Jahia is committed to preserving the confidentiality, integrity, and availability of all physical and electronic information assets throughout the company. This is defined and managed within an Information Security Management System (ISMS). Download the Jahia ISMS overview to get more details on our data security compliance policies.
We included all Jahia development teams in the scope of our ISO 27001:2013 certified information security management system. It means that security is considered throughout the lifecycle of the development and release of our software. Our software code is constantly scanned for security threats and we release security fixes on a frequent basis to ensure your on premise and cloud environment's security.
When it comes to Cloud, the security of the infrastructure is just as important as the security of the software you put on top of it. Jahia only works with leading Cloud vendors with trusted security and a solid track record. Jahia hosts all of its Cloud infrastructures on AWS and Azure. All our client data is encrypted at rest, be it live, failover or backup data. Data transfer only occurs through encrypted channels.
The Jahia Cloud infrastructure is highly available and spread across multiple datacenters to ensure no Single Point of Failure.
We conduct frequent penetration tests to ensure a secure Cloud environment. We also perform external penetration tests on a regular basis.
Reporting a security issue to Jahia
Please report all security issues by creating a ticket in your support space if you're one of our customers or by sending an email to firstname.lastname@example.org to ensure that the information does not enter the public domain prematurely.