Your organization’s data security is mission-critical, and we take our commitment to protecting it extremely seriously. It’s just one more reason so many leading social good organizations trust us as their partner.
Our Information Security team leverages the industry standard CIA Triad Model (Confidentiality, Integrity, Availability) in conjunction with various industry control frameworks, such as the NIST CSF, PCI DSS, ISO27001, SOC 1, SOC 1 type 2, and others to protect our solutions.
View more information on our Cyber Security Program in the below white papers and tip sheet.
- White Paper: JJ竞技登录赛事 Cyber Security Overview
- White Paper: JJ竞技登录赛事 Business Continuity Management
- White Paper: JJ竞技登录赛事 Cyber Security Incident Management and Response Overview
- White Paper: JJ竞技登录赛事 Cyber Security Program and Policy Framework
- White Paper: Data Trust Statement
JJ竞技登录赛事 and the Public Cloud Whitepaper
- Tip Sheet: Cyber Security
- Data Sheet: JJ竞技登录赛事 Luminate Online® Security Overview
JJ竞技登录赛事 provides audit reports by request to our subscription customers, their auditors, and our prospective customers, including SOC 2 type 2, SOC 1 type 1, and bridge letters for both SOC 1 and 2 reports, where applicable*.
JJ竞技登录赛事 provides PA-DSS and PCI-DSS attestations of compliance to JJ竞技登录赛事 Internet Services and JJ竞技登录赛事 Payment Solutions*.
JJ竞技登录赛事 also leverages the Cloud Security Alliance’s CAIQ-Lite assessment questionnaires to provide transparency regarding the adherence of our products to the CSA Cloud Controls Matrix. These assessments are made available via the Cloud Security Alliance.*
Our world-class security, privacy, and risk-management teams work every day to ensure the safety of your data by adhering to industry standard practices, conducting ongoing risk assessments, aggressively testing the security of our products, and continually assessing our infrastructure.
As such, our promise to you is that your JJ竞技登录赛事 solution is always secure, protected, and reliable through:
- Robust and continuous Cloud Account/Subscription Governance and control monitoring
- Clear security requirements and reporting on data protection, encryption, and monitoring
- Routine vulnerability assessments and DDoS automitigation response
Active participation in CyberSecurity thought leadership:
- JJ竞技登录赛事 is a member of Cloud Security Alliance (CSA) and assesses our products and environments against the CSA CAIQ (consensus Assessment Initiative Questionnaire).
- JJ竞技登录赛事 Security is a member of the Financial Services Information Sharing and Analysis Center (FS-ISAC), a thought leadership and information sharing community for collaboration on critical security threats facing the global financial services sector.
- JJ竞技登录赛事 partners with the Information Sharing and Analysis Center for Nongovernmental Organizations (NGO-ISAC) to participate in collaboration regarding US-Based nonprofit/nongovernmental organizations under attack from sophisticated threat actors.
Partnership with Microsoft and Azure
- JJ竞技登录赛事 engages in an Azure-first model and partners consistently with Microsoft. This provides us access to industry threat intelligence and early previews regarding upcoming Azure feature capabilities and security releases.
- Partnerships with other cloud providers and independent third parties for reviews
JJ竞技登录赛事 also leverages tactical Cyber Security strategies for safeguarding our environments and data by utilizing the NSA’s Defense in Depth techniques and layered security, including:
- Data Protection
- Application Security
- Host Based Security
- Internal Network Security Measures
- Perimeter Security
- Physical Security
- Policies/ Procedures/ Awareness
- JJ竞技登录赛事’s Cloud Security includes rigorous standards across physical, application, and personnel security
JJ竞技登录赛事 utilizes System Center (SCOM) for internal out of the box monitoring with customized management packs that monitor within the application layer from the inside out to include an early warning detection system that allow us the time to investigate and respond to an issue before it becomes an impactful event.
JJ竞技登录赛事 enforces strict physical datacenter security based on best practices and SSAE18 audit guidelines:
- All building entrances, the datacenter floor, and secure areas require card key access. The datacenter floor and secure areas also require two factor biometric authentication (hand/finger prints and iris scan).
- Active patrol guards are onsite to monitor the interior and exterior of our facilities 24 hours a day, 365 days a year. We also have security cameras covering all entrances, alternate workspaces, and the datacenter floor.
JJ竞技登录赛事 ensures the security of our applications through:
- Constant education and partnership with JJ竞技登录赛事 development community with robust and varied training programs
- Routine vulnerability assessments
- Continually empowering our developers with security tools to leverage early in the security SDLC processes
- JJ竞技登录赛事 uses various strong encryption mechanisms across our environments and products, including TLS 1.2, AES 256, RSA 1024 and other FIPS140-2 encryption algorithms.
- Through JJ竞技登录赛事 ID, we support multi-factor authentication and modern identity providers (IdP) such as Microsoft Azure Active Directory, Okta, and SAML-based providers such as Google G-Suite so you can control your end-user login experience*.
JJ竞技登录赛事 employees are all engaged in on-going Security Awareness and rigorous training campaigns to ensure they are empowered to protect both JJ竞技登录赛事’s and our customers’ data. All employees are provided continual phishing simulation testing to increase their awareness of cyber security social engineering and phishing techniques.
The JJ竞技登录赛事 Security team additionally partakes in global communities and conference platforms—such as bbcon, WISCYS, and local security conferences—to share information and present on industry best practices to improve the community’s security awareness posture.
The JJ竞技登录赛事 Security team prioritizes routine testing to identify and remediate vulnerabilities and risks by leveraging:
- Dedicated Red Team
- Routine Penetration Testing
- Routine Code and Vulnerability Scanning
- Cloud Audits & Assessments
- Phishing Simulations
Driving social good on a global scale—spanning the public, private, and social sectors—requires a detailed understanding of privacy standards. JJ竞技登录赛事 has dedicated legal counsel who continually evaluate upcoming and changing regulations as they relate to data privacy to ensure we are aligned to these regulations, as well as providing thought leadership for our customers on the operational impact of these regulations and compliance requirements.
JJ竞技登录赛事 is committed to providing products and services that enable customers to comply with the privacy laws applicable to them. We tirelessly track and interpret pending legislation to ensure that JJ竞技登录赛事 provides the features you need to protect the privacy of your constituents while managing data in a compliant way. As privacy legislation evolves, our products do too. Further, we will continue to work on ways to improve the user experience in the products, specifically as regards the capture, recording, and use of your supporters’ consent. We ensure that (when applicable) our products and internal processes comply with and enable customers to comply with:
- General Data Protection Regulation (GDPR): A European Union regulation that establishes commercial standards for data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA)
Health Insurance Portability and Accountability Act (HIPAA): A U.S. law that provides data privacy and security provisions for safeguarding Protected Health Information (PHI).
- JJ竞技登录赛事 regularly performs assessments for our compliance with industry-standard data protection protocols such as HIPAA.
- All JJ竞技登录赛事 products available to customers in the healthcare sector are assessed for compliance with HIPAA compliance annually. Additionally, these products are also reviewed to ensure customers can achieve and maintain their own HIPAA compliance obligations when performing fundraising and data management activities using JJ竞技登录赛事 solutions.
California Consumer Privacy Act (CCPA): a U.S. bill that enhances privacy rights and consumer protection for residents of California.
- As of the effective date of the California Consumer Privacy Act (CCPA), JJ竞技登录赛事 will be fully compliant with this law.
- Similar to the guidance provided on GDPR, prior to the effective date of the CCPA, JJ竞技登录赛事 will issue guidance on how our various solutions can be used for our customers to help them comply with these regulations
We understand regulatory requirements and constituent expectations around data privacy are a key priority for our customers as well. For more information about safeguarding your constituent data, reference the JJ竞技登录赛事 Institute’s Privacy Toolkit .
JJ竞技登录赛事 designs mission-critical cloud solutions exclusively for social good organizations.
Our commitment to reliability is backed by our industry-leading service level agreement of 99.9% availability—or you will be eligible for credits to your subscription.
Our cloud solutions are modern and innovative and allow your teams to be productive on any device at any time by leveraging JJ竞技登录赛事 SKY UX for natively mobile experiences.
We amplify continuity of service through extensive disaster recovery policies, regular offsite backups (performed nightly, weekly, or monthly), and redundant architecture.
*compliance certifications and assessments may vary by product
JJ竞技登录赛事 maintains protocols and standards to help protect Customer Data, meaning the data consisting of Customers’ confidential information, including constituent data, contained in JJ竞技登录赛事 solutions. Customer Data doesn’t include aggregated or anonymized data or data about a customer, like current or prospective customer contact information held in our internal customer management system. JJ竞技登录赛事 will only collect, process, and store Customer Data that is necessary to fulfill contractual obligations with customers. JJ竞技登录赛事 retains Customer Data throughout the full term of the contract for such solution.
Upon cancellation of a solution, JJ竞技登录赛事 maintains a standard process to remove Customer Data in accordance with industry standards. Typically, after a customer leaves JJ竞技登录赛事 entirely or cancels a particular solution, Customer Data with respect to that solution/s is decommissioned/removed from applicable infrastructure, and then associated backups of that Customer Data are retained (offsite) for 6-months before being automatically purged. In some instances, Customer Data will be maintained to comply with legal and regulatory obligations. JJ竞技登录赛事 may also keep Customer Data to assist with fraud monitoring, detection, and prevention activities and to comply with tax, accounting, and financial reporting obligations.
Additionally, JJ竞技登录赛事 is required to retain certain Customer Data through contractual commitments to financial partners, and where data retention is mandated by the payment method(s) utilized by the customer. In all cases where Customer Data is retained, it is done in accordance with any limitation periods and records retention obligations that are imposed by applicable law.
Questions? Contact us.
To obtain a summary of the most recent third-party audit reports for our solutions:
- If you’ve purchased a JJ竞技登录赛事 solution, open a support case.
- If you are a prospective customer, contact your sales representative.