Enterprise Security

System Security You Can Trust

Our products are SOC 2 Type 2 audited and validated by both internal and external security experts to ensure they are conformant to industry-standard security standards and requirements. We welcome your feedback and invite you contact us with any concerns on product security.


University of Cambridge logo.
Stanford University logo.
Princeton logo.
University of Alberta logo.
University of California, Irvine logo.
North Dakota University System logo.

Security Profile

We Understand the Importance of Security

At YuJa, we understands the importance of information and data security. To help ensure product security and data integrity, we have taken necessary measures ensure you can confidently and safely use our products and services. We are trusted by leading academic institutions around the world to power their campuses and take that responsibility seriously.

Unmatched Security

Unmatched Security for Your Peace of Mind


A woman happily using a tablet computer at night.

Backup & Recovery

Backup & Recovery

YuJa ensures database replication across multiple physical data center zones in real-time. Further, we take hourly snapshots of data that are stored physically apart from our production infrastructure.

A serious freelancer man using phone and laptop.

SSO Authentication

SSO and LTI Authentication

All our products conform to the latest Learning Tool Interoperability (LTI) and Single Sign On (SSO) standards to ensure a seamless experience without the hassle of managing multiple passwords.

Group of coworkers having a conversation at work.

Role-Based Permissions

Role-Based Permissions

Empower your system administrators with full control over user access and tool availability. Each Platform offers a rich set of customizations and settings to ensure role-aligned access rights.

Handsome Young Businessman Using Digital Tablet.

Hosting

Hosting

YuJa is hosted on industry-leading cloud infrastructure to ensure secure physical servers, confidential locations and multiple security layers to prevent unauthorized access to hardware and infrastructure.

People collaborating on a blue gear, demonstrating teamwork and synergy in a professional setting.

Automate

Automate Your Institution’s Workflows

Harness the power of machine learning to automate your data retention workflows. Create policies that make archival as simple as the click of a button. Streamline workflows, reduce manual errors, enhance efficiency, and allow your organization to focus their human resources on more complex and value-added activities with YuJa Himalayas’s automation capabilities.

Unmatched Security

Unmatched Security for Your Peace of Mind

Security certifications

AICPA SOC and GDPR logos.

YuJa conducts a variety of audits to ensure continuous compliance with industry standard best practices:

  • YuJa is SOC 2 Type II compliant and can provide a third-party attestation report covering security, availability, confidentiality and privacy.
  • YuJa follows a commitment to information security at every level of our firm. Our security program is in accordance with industry-leading best practices and guidelines.
  • YuJa has implemented a GDPR (General Data Protection Regulation) readiness program that includes appointing a Data Protection Officer (DPO), putting measures in place to identify and delete private data, ensuring all subcontractors are compliant, and updating Terms and Conditions, Privacy Policy, and Data Processing Addendum (DPA).
  • YuJa hosts all of its software in Amazon Web Services (AWS) data centers. AWS provides an extensive list of compliance and regulatory assurances, including SOC 2 and ISO 27001.
  • All of YuJa servers are located within YuJa’s own virtual private cloud (VPC), protected by restricted security groups.

Data Security


  • YuJa’s web application architecture and implementation follow OWASP guidelines. The application is regularly tested for common vulnerabilities such as CSRF, XSS, and SQL Injection.
  • In addition to YuJa’s extensive testing program, YuJa conducts application penetration testing by a third-party at least annually.
  • YuJa login requires strong passwords. User passwords are salted, irreversibly hashed, and stored in YuJa’s database. Audit logging allows administrators to see when users have last logged in and when passwords were last changed.

Application Security


  • Access to YuJa applications is logged and audited. Logs are kept for at least one year.
  • YuJa maintains a formal incident response plan for major events.

Application Monitoring Security


  • YuJa maintains a publicly available System Status webpage, which includes system availability details, service incident history and relevant security events.

Uptime Security


  • YuJa maintains security policies that are maintained, communicated, and approved by management to ensure everyone clearly understands their security responsibilities. YuJa policies are audited annually as part of its SOC 2 certification.
  • Code development is done through a documented SDLC process. Design of all new product functionality is reviewed by its security team. YuJa conducts mandatory code reviews for code changes and periodic in-depth security reviews of architecture and sensitive code. YuJa development and testing environments are separate from its production environment.
  • The employee hiring process includes a background screening.
  • At least annually, engineers participate in secure code training covering OWASP Top 10 security flaws, common attack vectors and YuJa security controls.
Read our blog

Celebrating Disability Pride Month 2024: “We Want a Life Like Yours”

Celebrating Disability Pride Month 2024: “We Want a Life Like Yours”
This landmark law broke down many barriers to inclusion that people with disabilities face. In honor of its passage, July marks Disability Pride Month, which continues to be a time to honor diversity and celebrate...

Join the Hundreds of Organizations Deploying High-Impact Solutions