Security and Compliance
Security and Trust
Our products are audited and validated by both internal and external security experts to ensure they conform to industry security standards and requirements. We welcome your feedback and invite you to contact us with any concerns about product security.
We Understand the Importance of Information and Data Security
At YuJa, we understand the importance of information and data security. To help ensure product security and data integrity, we have taken the necessary measures to ensure you can confidently and safely use our products and services.
Security and Compliance
Secure Infrastructure and Third-Party Security Auditors
YuJa is a SOC 2 attested firm that is audited annually. Our production infrastructure is served over HTTPS and is hosted and backed up in AWS data centers. We are audited annually by multiple vendors and have achieved the SOC 2 Type 2 designation.
YuJa conducts a variety of audits to ensure continuous compliance with industry standard best practices:
- YuJa is SOC 2 Type II compliant and can provide a third-party attestation report covering security, availability, confidentiality and privacy.
- YuJa follows a commitment to information security at every level of our firm. Our security program is in accordance with industry-leading best practices and guidelines.
- YuJa hosts all of its software in Amazon Web Services (AWS) data centers. AWS provides an extensive list of compliance and regulatory assurances, including SOC 2 and ISO 27001.
- All YuJa servers are located within YuJa’s own virtual private cloud (VPC), protected by restricted security groups.
- YuJa’s web application architecture and implementation follow OWASP guidelines. The application is regularly tested for common vulnerabilities such as CSRF, XSS, and SQL Injection.
- In addition to YuJa’s extensive testing program, YuJa has application penetration testing conducted by a third party at least annually.
- YuJa login requires strong passwords. User passwords are salted, irreversibly hashed, and stored in YuJa’s database. Audit logging allows administrators to see when users have last logged in and when passwords were last changed.
- Access to YuJa applications is logged and audited. Logs are kept for at least one year.
- YuJa maintains a formal incident response plan for major events.
Application Monitoring Security
- YuJa maintains a publicly available System Status webpage, which includes system availability details, service incident history and relevant security events.
- YuJa’s security policies are maintained, communicated, and approved by management to ensure everyone clearly understands their security responsibilities. YuJa policies are audited annually as part of its SOC 2 certification.
- Code development follows a documented SDLC process. The design of all new product functionality is reviewed by YuJa’s security team. YuJa conducts mandatory code reviews for code changes and periodic in-depth security reviews of architecture and sensitive code. YuJa development and testing environments are separate from its production environment.
- The employee hiring process includes a background screening.
- At least annually, engineers participate in secure code training covering OWASP Top 10 security flaws, common attack vectors and YuJa security controls.