Enterprise Security

Security and Trust

Our products are audited and validated by both internal and external security experts to ensure they are conformant to industry-standard security standards and requirements. We welcome your feedback and invite you contact us with any concerns on product security.

STUDENT RESPONSE SYSTEM

Information Security

We Understands the Importance of Information and Data Security

At YuJa, we understands the importance of information and data security. To help ensure product security and data integrity, we have taken necessary measures ensure you can confidently and safely use our products and services. YuJa’s SOC 3 report provides a condensed security summary with key information from the SOC 2 report (without the need to sign an NDA). Download our SOC 3 report.

Information Security

Security and Compliance

Third-Party Security Auditors

YuJa is a SOC 2 attested firm that is audited annually. Our production infrastructure runs on HTTPS and is hosted and backed up in AWS data centers. We are audited annually by multiple vendors and have achieved the SOC 2 Type 2 designation.

Security and Compliance

Security certifications

YuJa conducts a variety of audits to ensure continuous compliance with industry standard best practices:

YuJa is SOC 2 Type II compliant and can provide a third-party attestation report covering security, availability, confidentiality and privacy.
YuJa follows a commitment to information security at every level of our firm. Our security program is in accordance with industry-leading best practices and guidelines.
YuJa has implemented a GDPR (General Data Protection Regulation) readiness program that includes appointing a Data Protection Officer (DPO), putting measures in place to identify and delete private data, ensuring all subcontractors are compliant, and updating Terms and Conditions, Privacy Policy, and Data Processing Addendum (DPA).
YuJa hosts all of its software in Amazon Web Services (AWS) data centers. AWS provides an extensive list of compliance and regulatory assurances, including SOC 2 and ISO 27001.
All of YuJa servers are located within YuJa’s own virtual private cloud (VPC), protected by restricted security groups.

Data Security

YuJa’s web application architecture and implementation follow OWASP guidelines. The application is regularly tested for common vulnerabilities such as CSRF, XSS, and SQL Injection.
In addition to YuJa’s extensive testing program, YuJa conducts application penetration testing by a third-party at least annually.
YuJa login requires strong passwords. User passwords are salted, irreversibly hashed, and stored in YuJa’s database. Audit logging allows administrators to see when users have last logged in and when passwords were last changed.

Application Security

Access to YuJa applications is logged and audited. Logs are kept for at least one year.
YuJa maintains a formal incident response plan for major events.

Application Monitoring Security

YuJa maintains a publicly available System Status webpage, which includes system availability details, service incident history and relevant security events.

Uptime Security

YuJa maintains security policies that are maintained, communicated, and approved by management to ensure everyone clearly understands their security responsibilities. YuJa policies are audited annually as part of its SOC 2 certification.
Code development is done through a documented SDLC process. Design of all new product functionality is reviewed by its security team. YuJa conducts mandatory code reviews for code changes and periodic in-depth security reviews of architecture and sensitive code. YuJa development and testing environments are separate from its production environment.
The employee hiring process includes a background screening.
At least annually, engineers participate in secure code training covering OWASP Top 10 security flaws, common attack vectors and YuJa security controls.