Trust Jive

OUR COMMITMENT TO SECURITY, AVAILABILITY AND PRIVACY

Millions of users depend on Jive every day to keep their information safe while driving mission-critical business processes. That’s why we’ve taken a no-compromise approach to security, privacy and availability. Jive combines best-of-breed technology, a highly trained and experienced staff, adherence to strict industry standards and the flexibility to meet diverse customer requirements.

Security

Jive AI leverages multiple layers of defense to protect key information and handle critical facets of network and application security, including authentication and authorization.

Our company has implemented an extensive information security program designed to protect information subject to privacy laws, to ensure data security and confidentiality, protect against anticipated threats or hazards or unauthorized access. Jive maintains a mature security program, based on industry best practices. This page provides key information; more details are available to prospects under a Non-Disclosure Agreement.

Third Party Certifications and Audits

Third-party certifications and audits are an important component of our security program. Jive maintains:
• AICPA System and Organization Controls (SOC) 2 Type II Report.

Jive Security Architecture

Jive's security architecture is designed with confidentiality, integrity and availability in mind. We apply industry standard, risk-adjusted security controls at various layers ranging from network infrastructure security, to IT system/host security, and application security. Jive has the following security controls:

Secure Data Center

We are generally utilizing Amazon Web Services ("AWS") for hosting. AWS's security is best-in-class and its customers benefit from limitless scalability, improved monitoring and notification, and a series of industry recognized security certifications, like ISO 27001, ISO 22301, SOC 2 Type II. Please visit https://aws.amazon.com/compliance/programs for more information on the AWS Compliance Program and related certifications.

Encryption

Jive provides industry standard encryption options for customers to use for data in transit. As part of our hosting in AWS, the customer database is encrypted at rest.

Jive AWS Cloud Infrastructure

The cloud infrastructure in AWS is designed in accordance with best practices guidelines. Please visit https://aws.amazon.com/security for more information on AWS Cloud Security.

Cookies

More information on how cookies are used is available at https://docs.jivesoftware.com/legal_and_compliance/cookie_consent/JiveCookies.

Security Monitoring

Our networks and systems are monitored for security issues. Security events are correlated for evaluation by our security team.

Application Programming Interfaces (API)

Secure APIs are available for customers, and can be used to export data to a Security Information and Event Management solution.

Hardened Operating Systems

Operating systems are hardened and configured to only use the required services and resources.

Separated Services

Services are isolated and not shared, minimizing the risk of unintended data disclosure.

Strict Access Controls

Jive enforces strict access control on key systems. We perform regular internal audits and use automated tools to verify desired configurations.

Strict Ingress and Egress Points

Access to the application is restricted to select ports. Jive administration is limited to a small group of Jive workers using a secure 2-factor authentication based VPN to access customer environments where administrative activity is logged.

Security Architecture

Jive’s security architecture includes AWS and other components. The Jive production network is completely segregated from the corporate network.

Data Security

All of our security controls and risk analysis are based around the premise of protecting customer data. Jive hosting supports various encryption methods to protect data transiting over untrusted networks. Customers can choose to implement SSL or VPN technology to add a layer of protection to their hosted site. Encryption has also been implemented for both transit and storage of backups.

Restricted Access to Customer Data

Jive’s access to customer data is highly restricted, and access requests by our support personnel follow a controlled and documented process.

Incident and Response

Jive has an incident response process designed to handle data incidents.

Logging and Audit

Activity is logged in a protected system and is audited using automated tools.

Training

All Jive staff are required to participate in security training.

Software Engineering Security Process

Security is continuously improved and tested throughout the Jive product lifecycle. New feature designs are audited for high-level security considerations, and feature implementations are checked for security flaws throughout the development lifecycle. Existing features are audited for security vulnerability regressions, and application-wide checks are performed to ensure that feature integration is secure. Third-party components used by Jive are monitored for vulnerabilities.

Certified Security Personnel

Jive’s security team and 3rd party auditing staff include certified Information Security professionals with expertise in application, network and architecture security who help implement our security policies and security controls. These professionals carry graduate-level degrees, 10+ years of industry experience, and security certifications including CISA, CISM, and ISO Lead Auditor.

Best Practices

Jive maintains secure programming best practice documents based on OWASP Top 10. Best-practice documents are updated on a regular basis to reflect the latest information, and to provide developers with real-world examples of programming mistakes and how to avoid them.

Applications Security Process

Security Assessment

Jive’s release readiness workflow includes security tests and assessments which are conducted at critical milestones, prior to release. Security vulnerabilities discovered during these tests are then reviewed for criticality, and assigned to our teams for resolution. Based on criticality, the issue may be resolved prior to release, or addressed in a future update.

Managing Vulnerabilities

Jive conducts vulnerability scanning of our cloud and hosted environments, and releases patches as appropriate. Customers are free to install the security patches in an on-premise instance, and the hosting team is available to apply security patches per customer requests. Jive leverages US-CERT alerts, open source data and internal testing to identify potential vulnerabilities. Remediation efforts are prioritized based on the assessed impact and the risk level calculated by the Common Vulnerability Scoring System.

Product Security Features

The Jive platform has a number of built-in features for configuring security at a level appropriate to your organization. Our Professional Services team is available to perform customizations on your instance, if the out-of-the-box options don’t meet your requirements.

Tools

Jive utilizes security tools to monitor our environment for threats such as:

Intrusion
Security events
Distributed Denial of Service attacks
Application and network vulnerabilities

Availability*

Jive strives to maintain excellent uptime for our customers.

System features status is posted at https://status.ignitetech.com.

Instance-specific uptime reports are available for review on a monthly basis.

*The solution is available if Jive can complete the following tasks using its automated metric calculation tools:

Access the home page of the administrative interface for the community and confirm correct rendering of the page
Log into the solution using the private Jive account (i.e., no SSO login) and confirm correct rendering of the page
Navigate to the community landing page and confirm correct rendering of the page

Privacy

Jive respects your privacy and is committed to protecting Personal Data of our customers, partners and website visitors.

GDPR Compliance

On 25 May 2018, the General Data Protection Regulation (GDPR) took effect in the European Union (EU). The new regulation imposes broad new data privacy protections for EU individuals and applies to any company that collects or handles EU personal data. Jive is committed to helping our customers comply with the GDPR through privacy and security protections in our products and services. We have taken steps to implement GDPR-compliant functionality in our Jive Interactive Intranet product. The new features are supported in Jive cloud, hosted, and on-premise software deployments.