SECURITY ENGAGEMENT
We have always taken the topics of security and privacy at djob very seriously. It is our highest priority to protect the data we work with, including our clients’ data. We strive to always use the highest measures so that we stay secure and compliant. Security shapes our structure, educational objectives, and recruiting process. This page outlines djob’s perspective on security and compliance. It focuses on security controls and elaborates on processes and details of how djob protects our clients’ data.
date of last update: September 27th 2023.
1. Security as our priority
We strive to create a strong security culture amongst all employees of djob. We strongly believe that every employee is an essential part of our defense against potential security breaches.
This culture has a strong impact on all employees and is present at all stages and everywhere, including the hiring process, and employee onboarding, but also as a part of the ongoing training that djob provides and company events to raise awareness. All our employees must be familiar with our security policies and go through security training as part of the onboarding process and receive regular security training throughout their stay here at djob.
This shows our commitment to keeping the data of our customers secure.
All employees working at djob must follow our password security and lockout policy, must have 2FA authentication.
The compliance of employees workstations is monitored on daily basis to ensure hard disk encryption, firewall, strong password policy and screen lock.
2. Security development practices
The developers in the IT segment receive instructions on topics like best coding and development practices, the principle of least privilege when granting access rights, etc.
All employees working in IT areas are encouraged to go through OWASP trainings.
The IT department also attends technical presentations on security-related topics and receives regular updates on the newest issues from the Cybersecurity space in our Security channel.
3. Strong Architecture
Our infrastructure runs on AWS, with a data residency in Europe. We trust AWS ability to ensure the availability of their services and store data securely.
Our architecture has been designed according to all Industry Best Practices, ensuring high availability and disaster recovery, data encryption (at rest and in transit), networks segregations, firewalling, load balancing, least privilege access control and audit logs.
Our source code is scanned regularly against security vulnerabilities and quality of code.
4. Data encryption
Whenever we store data there are several layers of encryption. By default, data is encrypted both at rest and in transit.
Encryption at rest: protects your data from a system compromise or data exfiltration by encrypting data while stored. To encrypt data at rest, the Advanced Encryption Standard (AES) is used.
Our encryption utilizes encryption keys, which are managed by AWS.
Encryption in transit: protects your data if communications are intercepted while data moves between your site and the cloud provider. This protection is achieved by encrypting the data before transmission, authenticating the endpoints, and decrypting and verifying the data on arrival. This level of security is achieved through Transport Layer Security (TLS) to encrypt data in transit. TLS acts as a tunnel to separate data from the outside environment, and the endpoints exchange encryption keys. AWS also encrypts and authenticates all our data in transit at one or more network layers, when data moves outside physical boundaries not controlled by or on behalf of AWS.
Our encryption utilizes encryption keys, which are managed by AWS.
When data are in transit via 3rd party, they are protected and transferred via Hypertext Transfer Protocol Secure (HTTPS).
5. Our certificates and reports
djob is in the process of performing ISO 27001:2022 certification to show how seriously we take the topics of security and compliance.
Once completed, you will be able to find out certificate on our website.
In the meantime clients can request a certificate attesting that such certification is on-going.
Additional reports, such as detailed Audit analysis, Vulnerability Scans and Penetration Tests Reports can be made available to our clients via an NDA in place.
These documents go into depth about technical security measures in our application's infrastructure, and organizational security measures in the company.