We do everything in our power to protect you and your businesses from attempts to compromise your data. We vigorously resist any unlawful attempt to access our customers’ data. Jopari used an independent auditor that has verified that our privacy practices and contractual commitments comply with state and federal Privacy regulations.
“Do we maintain ownership of the information we send to Jopari?”
- The data you have sent for business processing belongs to you.
- We do not use your information for anything but the purposes specified in your agreement
- You have control over your data.
- We comply with the HIPAA Media Destruction and Disposal Regulations
“When can Jopari employees access my account?”
Jopari may only access data in your account in strict compliance with our Privacy Policy and your Customer Agreement. We also further describe in your Business Association Agreement and Service Level Agreement the use of our commitment to protecting your data. For purposes of providing technical support, an administrator from your domain may choose to grant the Jopari Support team permission to access accounts in order to resolve a specified issue, if applicable.
“Does giving Jopari access to my data create a security risk? How does Jopari ensure that its employees do not pose a threat?”
Jopari’s security practices are verified and certified by third-party auditors. An independent auditor has certified and examined the controls present in our data centers, infrastructure, and operation. Jopari employment practices require employees are subject to background investigations based on their level of access. Any employee access is governed by a policy of “least privilege access,” which means that access is only granted to the information and resources that are necessary for the execution of the assigned task.
“How do we know you do what you say?”
Jopari’s applications are certified for SOC 2 Type 11 and SOC 3 by the American Institute of Certified Public Accountants (AICPA). In addition ,Jopari is annually certified in the Shared Assessment AUP Evidence Based Vendor Third Party Risk Assessment and audited by independent Third Party Web Security entities for regulatory compliance. This means that independent auditors have examined the controls protecting the data in our systems (including logical security, privacy, and data
center security), and assured that these controls are in place and operating effectively.