What is Journyx Doing about Data Security?
4 Key Data Security Principles We Live By
Many organizations ask us about security as they’re evaluating our cloud software option, and we completely understand why: you want peace of mind knowing that Journyx is doing the right things to safeguard your organization’s time and expense data.
We take the security of your organization’s data seriously, by putting these measures in place:
1. We are SOC Compliant
The security and integrity of the data in their Journyx systems is critical to our customers. That’s why Journyx complies with the relevant SOC standards for internal controls. Our office operations undergo an SOC 1 SSAE 18 Type II assessment annually. Our data center infrastructure on Amazon Web Services (AWS) complies with all relevant industry standards, including SOC 2, ISO, and others. In this way, we meet the same high standards our customers hold for their own data security and integrity controls.
2. Reliable Data Center
When a customer chooses the cloud option, Journyx creates a separate and exclusive installation of our software for the customer. The installation is then stored on dedicated servers hosted across two AWS regions. These regions are in separate geographical locations within the contiguous United States. Additionally, Journyx has servers located in various data centers (availability zones) within each region for fault tolerance and high availability. Only authorized Journyx staff can access and manage our cloud operations.
How reliable is AWS
AWS is committed to 99.99% availability per region. In the very unlikely event both AWS regions fail, we have the capability to run your hosted site from Journyx Headquarters.
3. Your data is managed by the Journyx team
Your organization’s data is valuable and sensitive, which is why we don’t outsource the management of your system in the cloud. Journyx staff – and ONLY Journyx staff – manage cloud operations.
4. We adhere to strict data privacy controls.
Journyx certifies under Privacy Shield and meets all requirements for data processors under GDPR.