Last Updated: 8/30/2022
Introduction
As a security firm, Jemurai is deeply committed to security and privacy. Our goal is to make sure you have the information you need to feel confident in our ability to provide you with a secure platform.
Our program includes the governance and technical controls to ensure that the information we handle is secure and monitored. We’ve adopted a set of policies aligned to NIST 800-53 and NIST CSF to develop a comprehensive security program.
The list below outlines our security program and features. A summary of Jemurai’s program and corresponding policies follows below.
- User access is protected through strong authentication.
- Internal system access is controlled through the practice of least privilege and multifactor authentication (MFA).
- System access is logged and audited.
- Data is encrypted in transit and at rest.
- Front-end firewall and intrusion detection block unauthorized traffic.
- Tested Business Continuity Plan.
- Third-party vendors and contractors are fully vetted.
- Customer data are logically separated.
- Comprehensive security training program for all employees.
- Security-focused software development and change management processes.
- Incident response training and readiness program.
- Consistent system patching and vulnerability review.
- Annual risk assessment.
- Quarterly network vulnerability scans.
Security Program Details
Jemurai’s security policy establishes its position on a range of security-related topics. While executive leadership is accountable for the execution of the program, the entire company works diligently to ensure that the security of our customers comes first. Our policies reflect our commitment to providing a trusted solution.
Alignment with NIST 800-53
Jemurai aligns its information security program to the NIST 800-53 framework. Maturation of the information security program is driven by alignment to this framework and an understanding of any potential or evolving threats.
Security Training
Jemurai’s Security Training is a mandatory requirement for all employees. The training is structured to educate employees on the Information Security & Privacy Policies, provide an understanding of security in the context of our service and industry, instill the commitment to protect the security needs of our customers, and most of all, to ensure the safety and security of our customers’ data.
Application Security
Application security is of utmost importance. With applications running in the cloud, we know our cloud partner is responsible for infrastructure-level security, but we, through their Shared Responsibility model, are responsible for our application security. To ensure that Jemurai follows best practices for application security, we train on the OWASP Top 10 and do both internal and external code reviews for security.
Data Encryption
Jemurai secures all data in transit via TLS. Systems are configured to require the TLS protocol, meeting industry standards for externally facing systems. You can view an up-to-date assessment of our TLS configurations by visiting SSL Labs SSL Test.
Symmetric encryption (AES-256) is used to protect data at rest. This ensures that data is only viewable by authorized users.
Data Access and Handling
Jemurai’s environment is highly restricted by design. Access controls are in place to ensure that data is only available to appropriate parties. Internally, Jemurai employees may be granted access to the Jemurai platform for administration purposes only. All data is encrypted in transit and at rest in our systems.
Questions
Contact Jemurai's security team at security@jemurai.com.