We Take Security Seriously
We understand how important data security is to you and your customers, and we work hard to ensure that data security and privacy are top considerations in all of our business operations.
Protecting our customers’ data is our highest priority. We code with Open Web Application Security Project (OWASP) best practices, host in a secure AWS cloud, perform daily static and dynamic scans, regular PEN tests (third-party), and are SOC 2 Type 2 certified.
Jama Software® is the only vendor in the requirements management and traceability space that is SOC 2 Type 2 compliant both on the application layer and the data center offerings. Additionally, Jama Connect® is the only requirements management solution that is deployed via multi-tenant cloud.
Suitably validated by TÜV SÜD for safety-related development per IEC 62304
Jama Software® codes with OWASP best practices
Jama Connect is SOC2 Type 2 certified in both the server and application
Ensures strong privacy management practices
Transport Layer Security (TLS) ensures data transferred is secured and encrypted
Here are some of the ways we protect your IP:
AWS Cloud Platform
One of the core reasons we use Amazon’s AWS EC2 platform is the wealth of security experience Amazon has amassed over the years in building and growing AWS. Amazon’s AWS EC2 Platform is the gold standard not only for cloud applications, but also for application and data security. Amazon has successfully completed many security audits and is certified for some of the strictest and most thorough standards.
Don’t take our word for it though. Amazon provides resources to expand on its certifications and third-party audits. For details on AWS certifications and accreditation, please visit aws.amazon.com/security.
In addition to constantly monitoring our web application security, we utilize TLS certificates for all our web transactions, meaning that all data transferred between our clients and our application are secured and encrypted.
In Jama Connect’s multi-tenant environments, customer data resides in a unique, separate database. In addition, stored passwords are encrypted. You may designate a physical location to store your users’ personal data. Jama Software offers hosted services in North America and Europe.
Only a select group of Jama Software employees has access to our production environments and only after undergoing thorough background checks. Each is contractually bound to maintain customer confidentiality and trained on the intricacies of handling sensitive data. Additionally, we further secure these environments by providing individual credentials for each of our admins and conducting regular audits of our access logs to proactively detect any misconduct.
Jama Software will provide customers with a copy of their data upon request, as well as delete and restore data (including backups). Jama Connect stores all updates for audit purposes.
Jama Software’s security policy is based on NIST Standards which cover requirements and details associated with security topics including policy, network management, risk management, compliance, access control, network management, and more. For details on NIST visit: National Institute of Standards and Technology (nist.gov)
The Jama Software Website
Jama Software collects site visitor information to guide website optimization and opt-in marketing best practices. Should you provide information and opt into marketing, you will receive periodic emails from Jama Software. Those who opt-in might also receive additional announcements from us about product updates, services, or the company newsletter. You may opt-out at any time.
Product Usage Data
Our product team is committed and dedicated to providing the absolute best Jama experience. To support this initiative, we might ask to access your anonymized usage data. This is optional and completely opt-in. Analysis of this data will inform our data-driven product development. Please see the Usage Data FAQ for more information.
Privacy and GDPR
Jama Software is committed to ensuring the privacy of our customers’ personal information and our customer data. For more information, visit our privacy page at https://www.jamasoftware.com/privacy. Jama Software enters into DPAs and Standard Contractual Clauses with our customers and suppliers as appropriate.
Contact the Jama Software Support Team.