Security

JDoe is certified under ISO 27001, adhering to stringent industry standards and policies for information security management. It also undergoes regular audits based on the SOC2 framework, which assesses the security, availability, and confidentiality of its services.

The security program at JDoe includes ongoing security audits, vulnerability scans, external penetration testing, automated monitoring, and security training for all personnel. JDoe also keeps abreast of evolving standards and regulations to ensure compliance with the stringent security requirements of leading industry bodies.

Our servers are hosted in the European Union and the United Kingdom within Amazon Web Services (AWS) data centers, which boast certifications such as ISO 27001, SOC 1, and SOC 2, ensuring top-level security standards.

To guarantee the availability of customer data, it is stored across multiple locations within our hosting provider’s data centers. We maintain a robust business continuity program that encompasses regular reviews and tests of our backup and restoration procedures.

AWS data centers are secured with continuous surveillance and stringent controls over physical access. For further details on AWS's physical security measures, you can explore more about AWS physical security online.

Additionally, JDoe Platform operations team provides round-the-clock support to ensure continuous service availability.

JDoe employs some of the most advanced Internet security technologies available today. When accessing the application via a browser or the mobile app, Transport Layer Security (TLS) technology is utilized to safeguard your information with server authentication and data encryption, ensuring the security of your data during transmission.

For data at rest, all information is secured using the 256-bit Advanced Encryption Standard (AES-256), providing robust encryption.

Our team continuously monitors the evolving cryptographic landscape to implement the latest best practices, ensuring that data protection methods remain effective and up-to-date.

We conduct regular training sessions for our engineers on secure coding practices, which cover the principal security risks identified by OWASP, typical attack vectors, and best practices for security controls.

As part of JDoe's software development lifecycle, all code and configuration changes undergo meticulous reviews. Prior to deployment, these changes are subjected to a thorough quality assurance process to ensure they provide a consistent and expected experience across all supported devices and platforms.

All JDoe employees undergo a thorough vetting process prior to employment and are required to complete annual security awareness training. The training covers essential topics such as information security, data privacy, and risk mitigation strategies.

JDoe ensures that all employee work devices are equipped with full-disk encryption and robust password protection, and the use of unauthorized software or portable media is strictly prohibited.

Administrative access to production systems is restricted to personnel who specifically need it to support our services. Access to our servers is closely monitored and audited, with regular reviews of system and access logs to maintain high security standards.