Comprehensive security and privacy
Jostle takes the security and privacy of your data extremely seriously. We deliver enterprise-level security through a comprehensive program that meets the requirements of the AICPA SOC 2 Trust Service Principles. Key elements of our security program include:
To comply with the data privacy requirements in your region, you can choose to have your instance hosted in any of our data centers, which are located in the US, Europe, Australia, and Canada. If your Jostle® instance is Google-integrated, your LIBRARY files will be stored in Google Drive using your own Google domain.
Jostle’s platform is deployed and secured in a professionally managed cloud infrastructure, utilizing best-in-class, third-party data center providers. Key features include:
- network of global SOC 2 compliant data centers and service providers;
- systematic vulnerability scanning and systematic application of system patches to ensure threats are identified and removed; and,
- 24x7 monitoring and protection.
Your data is only ever stored in our production environment, is owned by you, and can only be accessed by the people you authorize. All data transmissions you make to/from the Jostle platform and the data centers are securely encrypted at 128 bits via HTTPS (SSL/TLS).
Our access to your data is strictly controlled and limited to authorized personnel, and only for the purposes of delivering and supporting Jostle’s services. All Jostle employees receive training on Jostle’s security and privacy policies and procedures.
Our software services undergo rigorous testing from both security and performance perspectives, and we use best-in-class systems to independently monitor security, performance, and system health in real time. We also utilize third-party testing as required to identify and address any vulnerabilities.
Jostle automatically backs up all data daily using a separate physical and logical infrastructure, and retains the backups for seven days.
Your Jostle intranet is only accessible by the people that you invite. Identity management can be handled using a unique Jostle ID, or via integration with Active Directory or one of our qualified third-party SSO providers. Your administrators can define access to the content in your Jostle intranet based on role, location, and a number of other parameters.
Certifications and audits
Jostle has recently received our SSAE16 SOC 2 Type 2 Report, verifying that our system of controls is effective in addressing the Trust Service Principles of security, availability, and confidentiality.
Jostle complies with best practices and guidelines for cloud computing service providers, as specified in “Cloud Computing Guidelines For Public Bodies”, June 2012, issued by the Office of the Information and Privacy Commissioner for British Columbia, Canada.
Data ownership and confidentiality
You maintain ownership of all the enterprise data you put in your Jostle intranet. Per our Subscriber Agreement, we have strict obligations to keep it secure and confidential.
Keeping your data in-country
A number of Jostle customers have strict requirements to keep their data in a particular country. For example, many publicly funded organizations in Canada must do this. Jostle’s FOIPPA option: a) keeps your data in the specified country, and b) stops users from logging in if they are outside that country, including via mobile phone.
Jostle meets the strict European Union privacy requirements. We are a Canadian corporation and, unlike those of the US, Canada’s privacy laws meet EU requirements. Learn more about how Jostle protects personal private data for European customers.
If your Jostle service provides for your personal data to be stored at Jostle’s Canadian or European data centers, then this will provide a level of defense against your data being accessed by US government agencies under the US “Patriot Act”.