System Security You Can Trust

Security certifications

YuJa conducts a variety of audits to ensure continuous compliance with industry standard best practices:

• YuJa is SOC 2 Type II compliant and can provide a third-party attestation report covering security, availability, confidentiality and privacy.
• YuJa follows a commitment to information security at every level of our firm. Our security program is in accordance with industry-leading best practices and guidelines.
• YuJa has implemented a GDPR (General Data Protection Regulation) readiness program that includes appointing a Data Protection Officer (DPO), putting measures in place to identify and delete private data, ensuring all subcontractors are compliant, and updating Terms and Conditions, Privacy Policy, and Data Processing Addendum (DPA).
• YuJa hosts all of its software in Amazon Web Services (AWS) data centers. AWS provides an extensive list of compliance and regulatory assurances, including SOC 2 and ISO 27001.
• All of YuJa servers are located within YuJa’s own virtual private cloud (VPC), protected by restricted security groups.

Data Security

• YuJa’s web application architecture and implementation follow OWASP guidelines. The application is regularly tested for common vulnerabilities such as CSRF, XSS, and SQL Injection.
• In addition to YuJa’s extensive testing program, YuJa conducts application penetration testing by a third-party at least annually.
• YuJa login requires strong passwords. User passwords are salted, irreversibly hashed, and stored in YuJa’s database. Audit logging allows administrators to see when users have last logged in and when passwords were last changed.

Application Security

• Access to YuJa applications is logged and audited. Logs are kept for at least one year.
• YuJa maintains a formal incident response plan for major events.

Application Monitoring Security

• YuJa maintains a publicly available System Status webpage, which includes system availability details, service incident history and relevant security events.

Uptime Security

• YuJa maintains security policies that are maintained, communicated, and approved by management to ensure everyone clearly understands their security responsibilities. YuJa policies are audited annually as part of its SOC 2 certification.
• Code development is done through a documented SDLC process. Design of all new product functionality is reviewed by its security team. YuJa conducts mandatory code reviews for code changes and periodic in-depth security reviews of architecture and sensitive code. YuJa development and testing environments are separate from its production environment.
• The employee hiring process includes a background screening.
• At least annually, engineers participate in secure code training covering OWASP Top 10 security flaws, common attack vectors and YuJa security controls.