We at Jakamo Limited take information security very seriously. Information security is the most important guiding aspect in everything we do. All of Jakamo’s processes, methods and technologies are planned, selected and built with a focus on ensuring information security. Threats change all the time, so security awareness is a constant part of our product development and operational processes.
Jakamo Security Policy
The Jakamo Security Policy describes our security practices from the points of view of 1) Management and processes, 2) Technical security, and 3) Instructions and training.
The Management and processes section defines the organization of information security, including roles and responsibilities, the risk management process, access and control policy, contractual security, security in the employment life cycle, information security incident management, the business continuity plan and disaster recovery plans, the communication plan, audit procedures and the information classification policy.
The Technical methods section includes the system test plan and procedures, quality measurement, version control, backup policy, technical security testing, server security, workstation security, mobile device security, communications security and malware protection.
The Instructions and training section includes the system end-user’s information security guidance, the Employee information security guidance and the Employee training and awareness plan.
You can find more information about these processes, practices and policies in the Jakamo Trust Center, which you are browsing at the moment. For enterprise customers, the detailed descriptions and records may be reviewed as part of customer-specific assessments and audits.
Security as a design principle
From the planning to the deployment of new features, information security is the most important product design principle. Tasks in both front-end and back-end software development are compared to items in the system risk assessment. Before deployment, the tasks are confirmed by a five-level testing procedure: testing by the software developer, peer review of code, manual testing in the demo environment, automatic testing in the demo environment and production testing. Security requirements are based on a combination of customer requirements, legal requirements, best practices and compliance with privacy laws and regulations.
Protection of information
- Registration to the Jakamo Service and use of the service are secured with a personal password
- The service uses TLS protocols
- All data transferred from your computer to the Jakamo Service is heavily protected with 128-bit SSL encryption
- The server is authenticated with a certificate issued by DigiCert
- All communication between the Jakamo Service and users is encrypted with the protocols mentioned above
- The whole Jakamo Limited staff is covered by confidentiality agreements
- Our staff have access only to the systems and functions they need to perform their personal tasks
- Our staff are bound by the guidelines and rules set in the Jakamo Security Policy and the Employee information security guidance
- Access to customers’ stored information is limited to a few people in operations and technical support
- Other support staff can see a customer’s information only if the customer actively authorizes it, for example as part of a support case
Monitoring and protection
The Jakamo Service is continually monitored. Monitoring includes continuous system scanning for vulnerabilities and detection of intrusion attempts and any type of abuse. Penetration testing and continuous data analytics are conducted to make sure that the system is stable and secure.
Physical protection and backups
Jakamo employs redundant servers and storage to achieve maximal uptime. Information is stored on servers in data centers, which are located in highly secured vaults in the European Union region. Jakamo has a back-up system to protect all content in the service. Backups are taken daily, and copies are stored in geographically separate locations in Europe. All information is stored in Azure. Every byte is stored simultaneously on multiple different surfaces to prevent total data loss.
As its data center service provider, Jakamo Limited collaborates with Microsoft and utilizes Azure cloud services. Azure data centers conform to the highest industry standards of physical security and reliability. They run around the clock and ensure services by protecting against physical intrusion, power outage and network outage. For detailed information about Microsoft Azure physical protection, see the white paper “Protecting Data and Privacy in the Cloud” from the Microsoft Azure Trust Center.
Incident management is a closely defined process including incident identification, evaluation, risk impact evaluation, implementation of technical and operative actions, communication and follow-up actions. When incidents occur, a dedicated security incident team provides the necessary co-ordination, management and communication regarding the incident. All relevant parties to an incident are informed without undue delay. All incidents are recorded, and the reports are reviewed periodically by the security incident team in order to minimise the risk of them recurring.
Business continuity and disaster recovery
Business Continuity and Disaster Recovery plans are documented, including business function recovery priorities, restoration plan, records backup, disaster recovery plan, recovery phases and procedures, recovery teams and team-specific task lists. The Recovery Time Objective (RTO) is 24 hours.
Jakamo has a back-up system to protect all content in the service. Backups are taken daily, and copies are stored in geographically separate locations in Europe. All information is stored in Azure. Every byte is stored simultaneously on multiple different surfaces to prevent total data loss. The Recovery Point Objective (RPO) is 24 hours.
Employee information security guidance
The Jakamo Employee information security guidance covers:
- Information classification policy
- Password policy
- Travel security policy
- Clean desk policy
- Mobile device policy
- Workstation security policy
- Customer data access policy
- Communications and crisis communications policy
- Acknowledgement of Jakamo Security Policy
- List of approved applications
The guidance is reviewed and updated in accordance with the risk management process. A copy of the guidance document is signed by every employee.
Sharing data with confidence
All information that a user has entered in the Jakamo Service is the property of the user’s company. Jakamo Limited and its subcontractors are not authorized to access the customer’s data. In exceptional cases (e.g. a support case), the customer can authorise the support personnel of Jakamo Limited to access the customer-specific information. By default, nothing is shared with your partner companies. Nevertheless, Jakamo is designed for sharing information, and when you decide to share something with your partner, it can be done easily. Managing a shared document’s visibility is just as easy and secure. On request, Jakamo also provides custom authentication methods to protect your account and data.
The execution of information security and all the related activities documented in the Jakamo Security Policy are reviewed with audit procedures. Internal audits are carried out annually by the information security team. Third-party external audits are carried out at least every third year by acknowledged auditors. Customer audits are agreed case by case, and they are normally carried out as assessment processes when Jakamo is implemented or as standard vendor audits according to customers’ audit programs.
For more information about information security, please contact email@example.com or your assigned account manager at Jakamo Limited.