JUST Capital - Security Statement

Last Revised: June 22, 2016

Data security, confidentiality, availability, and integrity are vital to business operations of our customers. Safe handling and secure management of data is a global issue that requires constant vigilance. JUST Capital, working in partnership with customers and technology providers, employs a proactive security strategy that combines common sense, industry best practices, and modern technology to keep the JUST Capital service secure. To this end, JUST Capital and our technology partners employ a multi-layered approach to protect information, keeps up with international compliance standards and best practices, tests and adopts new technology, and continues to constantly monitor and improve our applications, systems and security processes. All while paying close attention to specific regulatory requirements in customer industries and locales.

Your data is safe with JUST Capital.

Cloud and Physical Security.

JUST Capital utilises enterprise-class SSAE 16 SOC2 Type II audited and ISO 27001 ceritified facilities that include 24/7/365 managed security and physical access control. JUST Capital and our technology partners proactively monitor the platform and all of its underlying operating components for security incidents, including alert notifications generated by our technology partners' systems, industry and open source alerts, and community alerts. JUST Capital employs a dedicated 3-level support team in 24x7 on-duty mode who are trained to provide systematic and efficient response to incidents including security and availability issues.

Data Security

The JUST Capital Platform reliably secures all key areas, and ensures that all data remains confidential, available and backed up for governance and disaster recovery purposes. Security zones are defined and implemented with specific enforcements, such as protocol enforcement, intrusion detection, and monitoring, while the complete JUST Capital Platform is subjected to regular penetration testing. Customer data is both isolated and encrypted in transport as well as at rest to further enhance its defense.

Operational Security

JUST Capital has deployed several layers of operational security (Defense in Depth) to minimize the risks associated with human activities. Access to the production environment is under strict control, administrators are allowed to invoke platform-specific functions but are not permitted to directly interact with the platform’s underlying components. Access logs are monitored and regularly inspected.

GoodData compliance and certifications: