Information Security is important to you and it's important to us.
All customer data held by Juksta is encrypted in transit over public networks using Transport Layer Security (TLS).
All data held by Juksta is encrypted with a minimum 256-bit cryptographic key. We do not store any data unencrypted.
The content of databases is encrypted at both the RDBMS and file system layers. All files loaded into the application are encrypted before being stored, with versioning and additional two-factor protection to prevent unauthorised deletion.
A core idea of GDPR is the pseudonymisation of personal data. All information held within Juksta that relates to an identified or identifiable natural person ("data subject") is pseudonymised. Pseudonymisation enhances your privacy by replacing your personal data with one or more artificial identifiers, or pseudonyms.
Automated database backups are made daily, and retained for 30 days. We also maintain replicas of our databases in different AWS regions, and take snapshots of these databases daily, retaining the snapshots for 30 days. All backups and snapshots are stored in multiple AWS EU regions, to guard against catastrophic failure of an individual AWS region.
Files loaded into the system are replicated to multiple AWS EU regions, to eliminate a single point of failure. If a region becomes unavailable, the application can fail over to one of the secondary AWS regions to continue to provide access to your files.
We understand how important it is to our customers that our services stay online. We have a comprehensive set of business continuity and disaster recovery plans.
Our plans are reviewed and tested regularly to ensure that in the event of service disruption, inconvenience to our customers is minimized and we return to normal operations as soon as possible.
Secure coding practices are built into our development team's everyday work to help ensure we maintain a consistently high quality of secure code.
Our team implements coding standards, branching policies, peer review and automated testing of software changes before changes can be accepted. We also run regular secure coding training sessions for Developers and DevOps.
We run weekly vulnerability testing against up-to-date exploit libraries to catch potential problems as they arise. We also have external penetration testing conducted regularly as part of our Information Security Management System.
We implement standardised, hardened snapshots for all servers used by our application and perform system and security patches on our instances monthly, following a formal patch implementation policy.
All customer data is sensitive, and we have a comprehensive set of policies and procedures in place to help us protect access to your data. We implement the principle of "least privilege", and staff are only provided access to information systems they require based on the role they perform. All staff access is reviewed periodically to ensure this principle is maintained.
We aggregate logs from our application infrastructure to enable us to monitor and review suspicious activity. We implement various alerts and procedures on how activities are investigated, escalated and responded to. We maintain access to appropriate security expertise internally, and where required through external subject matter experts.