Announcing: SOC 2 Type II compliance for Jotform Enterprise

Announcing: SOC 2 Type II compliance for Jotform Enterprise

Jotform Enterprise now offers System and Organization Controls (SOC) 2 Type II-compliant servers and we’ve received our first SOC 2 Type II report from our independent auditor, Auditwerx. Protecting your data is our primary concern, which is why we consistently maintain the highest global security standards.

This recent achievement demonstrates our company’s commitment to maintaining processes, systems, and collaboration that prevent potential security breaches and respond to potential threats.

What is SOC 2 compliance?

Developed by the American Institute of CPAs (AICPA), the SOC 2 framework is an internationally recognized security compliance standard for Software-as-a-Service (SaaS) companies. Acquiring this credential demonstrates a company’s commitment to implementing and maintaining effective information security controls.

To achieve compliance, the organization had to pass a technical audit, which required independent verification that Jotform Enterprise has not only established, but also follows, strict information security policies and procedures encompassing the 5 Trust Services Principles (TSP) defined by the Assurance Services Executive Committee of the American Institute of Certified Public Accountants (AICPA). These principles are security, availability, processing integrity, confidentiality, and privacy.

Announcing: SOC 2 Type II compliance for Jotform Enterprise Image-1

Why is SOC 2 compliance so crucial for data security? 

Announcing: SOC 2 Type II compliance for Jotform Enterprise Image-2

SOC 2 Type II compliance requires an extensive auditing and documentation process that ensures best practices are in place to prevent, detect, and repair any threat to data security. This process can take up to 12 months and ensures multiple layers of protection are set up to prevent and address threats.

Some of the SOC 2 Type II audit activities conducted to ensure the reliable delivery of services include

  • Confirming the operational effectiveness of networks, hardware, and facilities used to deliver Jotform Enterprise services
  • Testing procedures related to data security and data encryption
  • Evaluating our software development processes, including managing changes to applications and databases
  • Ensuring individuals who support the delivery of services to customers are properly vetted and trained

What does the SOC 2 Type II compliance report mean for Jotform Enterprise customers? 

As a Jotform Enterprise customer, you can request to be provisioned in our SOC 2-compliant environment, which is great for HIPAA compliance and offers robust access controls for stored data, disclosure, and complete encryption. Selecting this option assures you that we have taken every opportunity to pressure-test our systems, procedures, and staff, so your data stays secure.

Through this effort, we have built the best practices of the SOC 2 framework into our daily operations. SOC 2 compliance provides an added layer of security and confidence, on top of our already existing security and data protection offerings, which include local data residency, HIPAA-friendly forms, and single sign-on integrations.

If you’re a Jotform Enterprise customer, please contact your account representative to receive a copy of the SOC 2 report. If you aren’t currently a Jotform Enterprise customer, please contact our team, and a representative will reach out to you with details.

For more information about Jotform’s SOC 2 features, you can watch this webinar:

Youtube Embed Poster: akYfh8fR690
AUTHOR
As Jotform's head of information security, Johannes is responsible for the strategy and implementation of the information security program that safeguards the data entrusted to Jotform. A past speaker at the RSA security conference and BrightTalk forum, Johannes enjoys contributing to the discourse on advancing cyber security. He lives with his family in Virginia.

Send Comment:

Jotform Avatar
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Comments: