Jacada is committed to the security of its Customers’ Data. We use a variety of industry-standard and state-of-the-art security technologies and procedures to help protect our Customers’ information from unauthorized access, use, or disclosure. Jacada employs a public cloud deployment model using both physical and virtualized resources for its SaaS offering (the “Platform”).
Jacada is ISO/IEC 27001:2013 and PCI DSS Level 1 certified, and GDPR and CSA compliant. Additionally, Jacada employs industry-standard practices for security controls such as Firewalls, Intrusion Detection, Change Management, and written security policies.
Jacada maintains up-to-date written Information security and access policies, which detail, among other things, employee responsibilities, Management’s roles, confidentiality of Customer Data, and acceptable use of resources. All Jacada employees must review and sign such policies upon commencement of employment.
Jacada manages Access Control Policies and Procedures for its Corporate Network and the SaaS Production Network.
Administrative User Accounts, including network and Database, are mapped directly to employees using unique Personal Identifiers. Generic Administrative Accounts are not used. Upon employee termination, all physical and system access is immediately revoked from both the Jacada Corporate Network and the Jacada SaaS Solutions Production Network.
Employees are authorized by appropriate accounts, based on the “least privilege” and “need to know” principles.
The Jacada SaaS Solutions infrastructure is managed by a dedicated team, whose responsibilities are as follows:
Both scheduled and emergency changes are tested in separate environments, and are reviewed and approved by Jacada’s CISO, SaaS Operation, before being deployed to the Production Environment.
Network-based Intrusion Detection Systems (IDS) monitor Network traffic and activity for intrusion, and the Jacada SaaS Information Technology Team leverages multiple Network and Application Monitoring Tools to continuously scan for errors or suspicious activities. The Jacada hosted environment is completely segregated from the Jacada Corporate Environment. Access is restricted to SaaS Operations Personnel, and authentication requires a separate set of Credentials.
Jacada Customers access the Jacada Platform via the public Internet. All Data transfers to and from the Platform take place over secure protocols.
The Jacada physical infrastructure is hosted on Top Tier Public Cloud Providers that continually manage risks and undergo recurring assessments to ensure compliance with Industry Standards.
Jacada stores all SaaS Production Environment Customer Data on fully redundant Storage Systems, utilizing a multi-tiered backup approach. All backups are encrypted with 256-bit AES encryption. Daily and intraday Data are backed up on a scheduled basis, to separate Storage Devices and Backup Media. Only Jacada SaaS Operations employees have access to Backup Media.
The Jacada Platform uses an Industry Standard Enterprise Application Management Solution to monitor systems, trigger alerts, track event logs, and perform Trend Analysis and Risk Assessment.
Use of an Intrusion Detection System (IDS) and Log Aggregation Systems to monitor Critical Network Events 24/7 provides Jacada with the ability to identify and address any unauthorized access. Alerts are set to notify the Jacada SaaS Operations Team of any issue.
Escalation Procedures exist to ensure the timely communication of significant Security Incidents through the Management Chain and ultimately, to the relevant Customer.
The Jacada Vulnerability Management Process is designed to remediate risks without Customer interaction or impact. Jacada is notified of vulnerabilities through internal and external assessments, system patch monitoring, and third-party services. Each vulnerability is reviewed to determine whether it applies to the Jacada environment, ranked based on risk, and then assigned to the appropriate team for resolution.
New systems are deployed with the latest Updates and Security Patches. As Customer Data is stored in isolated environments, it is unaffected by any System Update.
To further mitigate risk, each Component Type is assigned to a Unique Network Security Group. These Security Groups are designed to allow access only to the ports and protocols required for the specific Component Type.
Confidentiality ensures that Customer Data is only accessible by authorized Entities. The Jacada Platform provides confidentiality via the following mechanisms:
Jacada’s Business Continuity Planning (BCP) and Disaster Recovery (DR) activities prioritize critical functions that support the delivery of its services to its Customers. The development and scope of the BCP and DR within each Business Function reflect the importance of each function and facility to maximize the effectiveness of these efforts.
A system-level failure, for any component in the Jacada Platform environment, is identified and resolved through the Jacada 24/7 SaaS Network Operations Center (“NOC”). Upon failure detection, failed systems are automatically removed from the Production Environment, and the NOC Team is alerted to quickly resolve the issue at hand.
Jacada takes advantage of its Platform’s distributed architecture to exercise critical Disaster Recovery aspects routinely, whenever significant organizational or environmental changes are needed. Other, less critical aspects, such as events affecting Data Storage, are tested regularly as well. Disaster Recovery Failover Tests are performed semi-annually.