We believe it is important to provide transparency to our clients so they know what happens with their data and that they are always in control of it. Your Jopari Service Level Agreement (SLA) and your Business Associate Agreement (BAA) defines the scope of services you have contracted for and specifies how your data is to be used per your agreement .We will also notify you on any third party data request.
“What do you use my data for?”
Jopari processes your data to fulfill our contractual obligation to deliver our services. Our clients own their data, not Jopari. We do not sell your data to third parties.
“How do I know if there is an issue with my data?”
For security events that may affect the confidentiality, integrity, or availability of systems or data, Jopari has an incident management process in place. This process specifies courses of action and procedures for notification, escalation, mitigation, and documentation. To help ensure the swift resolution of security incidents, the Jopari Incident Response Team is available 24/7.
In the case of a security event, a member of our Incident Response Team will notify the affected customers of the incident that affect the confidentiality, integrity or availability of their data. Once an initial notification is made, we follow state and federal breach incident procedures for investigation, risk assessment and follow-up notifications and calls as needed for the affected parties to understand the incident and take remediation action as appropriate and required by state and federal law.
“Who at Jopari can look at my data?”
Access rights are based on a Jopari employee’s job function and role. The access rights use the concepts of least-privilege and need-to-know—commensurate with the employee’s defined responsibilities. Access rights are based on the National Institutional Standards and Technology (NIST) Control requirements as specified by state and federal regulatory requirements. Jopari employees are only granted a limited set of default permissions to access company resources. Jopari requires the use of a unique user ID for each employee. This account is used to identify each person’s activity on Jopari’s network, including any access to employee or customer data.
“Where is my data stored?”
Your data is stored at Rackspace our hosted site with back up redundant sites. Jopari’s computing clusters are designed with resiliency and redundancy in mind, eliminating any single point of failure and minimizing the impact of common equipment failures and environmental risks. The data center is monitored 24/7 with security and privacy controls that meet state and federal security regulatory requirements to ensure your data is secured.
“How do we know you do what you say?”
Jopari’s applications are certified for SOC 2 Type 11, by the American Institute of Certified Public Accountants (AICPA). This means that an independent auditor has examined the controls protecting the data in our systems (including logical security, privacy, and data center security), and assured that these controls are in place and operating effectively. For Inquires relating to Jopari’s SOC2 Type 11 certification, please contact firstname.lastname@example.org for more information.