Jellyfish uses the NIST Cybersecurity Framework (CSF) as the basis for our security program. We regularly perform both vulnerability assessments and penetration tests with third party security auditors. In addition, Jellyfish has successfully completed an audited Service Organization Controls (SOC 2) Type 2 certification.
Jellyfish has a strong security culture within the team and management. All Jellyfish personnel are screened prior to employment and receive security training on an annual basis.
Jellyfish has a rigorous set of policies that the organization follows to ensure consistent practice and to protect Jellyfish and its customers’ confidentiality.
The Jellyfish platform is hosted entirely within the Amazon Web Services (AWS) secure cloud. AWS aligns with various compliance standards. The Jellyfish Security Team has implemented rigorous network security controls, and has established robust monitoring and alerting for anomalies, unusual user behavior, performance, availability, and other issues to minimize the threat of a security incident.
All data is encrypted both in transit (using TLS 1.2+) and at rest (AES 256-bit).
Jellyfish’s Secure Software Development Life Cycle (S-SDLC) is designed to allow software to meet customer expectations while also having an appropriate level of security that adheres to security best practices. The company’s testing platform performs tests for quality assurance including ongoing vulnerability and penetration testing.
Jellyfish has mature Identity and Access Management practices. Jellyfish follows a policy of least privilege and uses role-based access controls to manage employee access to company infrastructure, systems, and customer data. Access Control reviews are performed regularly by the Jellyfish Security Team.
Jellyfish has an established methodology to manage changes to infrastructure and platform. All changes to any system or service are reviewed, approved, and well communicated. The rigorous change management process is designed to prevent unintended service disruptions and maintain the integrity of the services provided to customers.
Jellyfish has completed its SOC 2 Type 1 certification and is committed to participating in annual audits with an accredited auditor to maintain this distinction. In addition, Jellyfish performs regular third-party vulnerability and penetration tests of our infrastructure and systems.
As part of our security program, Jellyfish has defined and documented our security policies. Jellyfish can make our policies and documentation available to all customers and potential customers including: penetration testing reports, security policy documentation, and/or our SOC2 attestation report.