Jitterbit Harmony security features

Introduction

Jitterbit is vigilant in applying safe and secure integration processes. We use strict security measures to protect our customers' valuable information, and constantly evaluate and improve our systems and processes to keep abreast of the latest security demands. The Information Security Management System of Jitterbit has been certified to conform with ISO 27001 version 2013 with supplemental controls in ISO 27017. Jitterbit has achieved ISO 27001 certification from A-lign, an independent, third-party auditor accredited by the ANSI ASQ National Accreditation Board (ANAB). See ISO 27001 and ISO 27017 certification for details. Jitterbit's security features are summarized below.

Harmony cloud security

  • Encrypted messaging
  • Web services security (v3)
  • HTTPS encryption
  • No inbound connections from cloud to agent (i.e. the server running on the customer's network)
  • Authentication
  • Access control lists
  • SOC 1 Type 1 and Type 2
  • SOC 2 Type 1 and Type 2
  • SOC 3 Type 1 and Type 2
  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Policy (CCPA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • FIPS 140-2 encryption and unique-per-customer encryption keys
  • Password encryption
  • Two-factor authentication
  • Single sign-on (SSO)
  • CAPTCHA is enforced once the number of Harmony portal login attempts reaches a certain threshold
  • Configuration of integration projects deployed on Harmony to meet several industry-specific and regional regulations and standards including:
    • Compliant with the policies established by the EU for GDPR
    • Compliant with the policies of HIPAA established by the US Department of Health & Human Services (HHS)
    • Compliant with the standards and best practices established by Cloud Security Alliance (CSA)

Data center security

  • Highly secure data centers with state-of-the-art electronic surveillance and multi-factor access control systems
  • 24x7 professional security staff
  • Least-privilege-based access system
  • Fire detection and suppression
  • 24x7 power, with a UPS (uninterruptible power supply) providing backup power
  • Climate and temperature control
  • Monitored electrical, mechanical, and life support systems and equipment so that any issues are immediately identified
  • Multiple availability zones allow you to remain resilient in the event of system failures and natural disasters
  • Storage device decommissioning
  • Business continuity management
  • High availability and fault tolerance
  • Data replication and backup
  • SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70 Type II)
  • SOC 2
  • SOC 3
  • PCI DSS Level 1
  • FIPS 140-2

Network security

  • Secure network architecture including firewalls and other boundary devices that employ rule sets and access control lists (ACLs)
  • Distributed Denial of Service (DDoS) protection and mitigation
  • Port scanning, spoofing, and sniffing defenses
  • Network host vulnerability scanning
  • Secure access points: API endpoints that allow secure HTTP (HTTPS) access
  • Transmission protection using SSL
  • All agent / Studio to cloud communication using SSL/TLS encryption (HTTPS)
  • Penetration testing
  • Host hardening
  • Network monitoring and protection

Jitterbit security release policy

Jitterbit releases critical patches within four weeks of the first report, or earlier.

Jitterbit privacy policy

Refer to the Jitterbit Privacy Policy.