Jitterbit Harmony security features
Introduction
Jitterbit is vigilant in applying safe and secure integration processes. We use strict security measures to protect our customers' valuable information, and constantly evaluate and improve our systems and processes to keep abreast of the latest security demands. The Information Security Management System of Jitterbit has been certified to conform with ISO 27001 version 2022 with supplemental controls in ISO 27017:2015 and ISO 27018:2019. Jitterbit has achieved ISO 27001 certification from A-lign, an independent, third-party auditor accredited by the ANSI ASQ National Accreditation Board (ANAB). See ISO 27001, ISO 27017, and ISO 27018 certification for details. Jitterbit's security features are summarized below.
Harmony cloud security
- Encrypted messaging
- Web services security (v3)
- HTTPS encryption
- No inbound connections from the cloud to the agent (i.e. the server running on the customer's network)
- Authentication
- Access control lists
- SOC 1 Type 2
- SOC 2 Type 2
- SOC 3 Type 2
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Policy (CCPA)
- Health Insurance Portability and Accountability Act (HIPAA)
- New Zealand Security and Privacy (NZISM)
- FIPS 140-2 encryption and unique-per-customer encryption keys
- Password encryption
- Two-factor authentication
- Single sign-on (SSO)
- CAPTCHA is enforced once the number of Harmony portal login attempts reaches a certain threshold
- Configuration of integration projects deployed on Harmony to meet several industry-specific and regional regulations and standards including:
  - Compliant with the policies established by the EU for GDPR
  - Compliant with the policies of HIPAA established by the US Department of Health & Human Services (HHS)
  - Compliant with the standards and best practices established by Cloud Security Alliance (CSA)
Data center security (hosted by AWS)
- Highly secure data centers with state-of-the-art electronic surveillance and multi-factor access control systems
- 24x7 professional security staff
- Least-privilege-based access system
- Fire detection and suppression
- 24x7 power; a UPS (uninterruptible power supply) provides backup power
- Climate and temperature control
- Monitored electrical, mechanical, and life support systems and equipment so that any issues are immediately identified
- Multiple availability zones for each region allow you to remain resilient in the event of system failures and natural disasters (data stays within each region)
- Storage device decommissioning
- Business continuity management
- High availability and fault tolerance
- Data replication and backup
- SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70 Type II)
- SOC 2
- SOC 3
- PCI DSS Level 1
- FIPS 140-2
- Additional security described in AWS Compliance Programs
Network security
- Secure network architecture, including firewalls and other boundary devices that employ rule sets and access control lists (ACLs)
- Distributed Denial of Service (DDoS) protection and mitigation
- Port scanning, spoofing, and sniffing defenses
- Network host vulnerability scanning
- Secure access points: API endpoints that allow secure HTTP (HTTPS) access
- Transmission protection using SSL
- All agent / Studio to cloud communication using SSL/TLS encryption (HTTPS)
- Penetration testing
- Host hardening
- Network monitoring and protection
Jitterbit security release policy
Jitterbit releases critical patches within four weeks of the first report, or earlier.
Jitterbit privacy policy
Refer to the Jitterbit Privacy Policy.