"We will require Infosec assessment to be performed on Jotform. "

We will require Infosec assessment to be performed on Jotform.

Hi Pooja,

Thanks for reaching out to Jotform Support. I'm an AI assistant here to assist you.

For an internal Infosec or vendor risk assessment of Jotform, you can rely on the security and data center information that is already documented and independently audited.

Let me help you with that:

1. Review Jotform’s security practices

   Jotform’s systems are regularly tested against external and internal threats, and intrusion detection is in place. Jotform uses a Host Intrusion Detection System (HIDS) on application servers and a Network Intrusion Detection System (NIDS) on development offices. Additionally, PCI intrusion detection policies are applied as defined by PCI requirements.

2. Include employee and access controls in your assessment

   All Jotform employees must pass a rigorous screening process at the time of hiring, and all employees must sign and are bound by a non-disclosure agreement (NDA). Passwords in Jotform are encrypted with salt and SHA-256.

3. Document data center and hosting security

   Jotform uses Google Cloud as the primary platform and Amazon Web Services (AWS) as the secondary platform, and does not maintain any in-house servers. Both providers meet high security and compliance standards:

   • Google Cloud complies with SSAE16 / ISAE 3402 Type II, SOC 1, SOC 2, SOC 3, ISO 27001, ISO 27017 (Cloud Security), ISO 27018 (Cloud Privacy), and PCI DSS v3.2, and enables HIPAA compliance.
   • AWS complies with SOC 1, SOC 2, SOC 3, ISO 27001, ISO 27017 (Cloud Security), ISO 27018 (Cloud Privacy), and PCI DSS Level 1, and also enables HIPAA compliance.

   You can also reference that Jotform’s data centers meet the highest security standards and that current cloud hosting locations are listed under the Data Centers section on Jotform’s security information page.

After we hear back from you, we’ll have a better idea of what’s going on and how to help.