Security &
Compliance
Jellyfish takes security seriously to ensure customer data
remains secure and confidential.
Jellyfish Logo
Jellyfish Security

Jellyfish uses the NIST Cybersecurity Framework (CSF) as the basis for our security program. We regularly perform both vulnerability assessments and penetration tests with third party security auditors. In addition, Jellyfish has successfully completed an audited Service Organization Controls (SOC 2) Type 1 certification.

Our Security Measures

01

Organizational Security & Personnel

Jellyfish has a strong security culture within the team and management. All Jellyfish personnel are screened prior to employment and receive security training on an annual basis.

02

Written Information Security Policy (WISP)

Jellyfish has a rigorous set of policies that the organization follows to ensure consistent practice and to protect Jellyfish and its customers’ confidentiality.

03

Data Center & Network Security

The Jellyfish platform is hosted entirely within the Amazon Web Services (AWS) secure cloud. AWS aligns with various compliance standards. The Jellyfish Security Team has implemented rigorous network security controls, and has established robust monitoring and alerting for anomalies, unusual user behavior, performance, availability, and other issues to minimize the threat of a security incident.

04

Customer Data Security

All data is encrypted both in transit (using TLS 1.2+) and at rest (AES 256-bit).

05

Internal R&D Processes

Jellyfish’s Secure Software Development Life Cycle (S-SDLC) is designed to allow software to meet customer expectations while also having an appropriate level of security that adheres to security best practices. The company’s testing platform performs tests for quality assurance including ongoing vulnerability and penetration testing.

06

Identity & Access Management

Jellyfish has mature Identity and Access Management practices. Jellyfish follows a policy of least privilege and uses role-based access controls to manage employee access to company infrastructure, systems, and customer data. Access Control reviews are performed regularly by the Jellyfish Security Team.

07

Change Management

Jellyfish has an established methodology to manage changes to infrastructure and platform. All changes to any system or service are reviewed, approved, and well communicated. The rigorous change management process is designed to prevent unintended service disruptions and maintain the integrity of the services provided to customers.

08

Certification & Audits

Jellyfish has completed its SOC 2 Type 1 certification and is committed to participating in annual audits with an accredited auditor to maintain this distinction. In addition, Jellyfish performs regular third-party vulnerability and penetration tests of our infrastructure and systems.

SOC Compliance

As part of our security program, Jellyfish has defined and documented our security policies. Jellyfish can make our policies and documentation available to all customers and potential customers including: penetration testing reports, security policy documentation, and/or our SOC2 attestation report.

See how Jellyfish enables strategic alignment and engineering performance

Align Engineering Work With Your Business Priorities