Securing Your Data
At Justworks, we are keenly aware of the criticality of the data entrusted to us by our customers and their end users. Trust, safety, and security are core values.
Justworks has designed, implemented, and maintains a comprehensive security program tailored to protect the sensitive data entrusted to our service. We are committed to protecting your data from unauthorized access from outside your company and from inappropriate usage by other users. Our layers of defense to secure customer data include the following important technical and procedural security measures:
Governance and Risk Management
- We employ a robust set of policies setting the standards, guidelines, and best practices for everyone to do their job in a secure manner.
- We implement a governance model and manage security risks and their mitigation comprehensively and consistently across the organization.
- We regularly assess and mitigate cybersecurity risks, including comprehensive annual risk reviews of key vendors.
- We conduct regular security training and communication to raise security awareness, and enhance our role-based security training for engineers, customer success teams, and others.
Data Protection
- External network communication with Justworks is encrypted.
- We apply encryption at rest using strong encryption algorithms and leverage cloud security services for data encryption.
- We have deployed advanced Data Loss Prevention technology to monitor and protect customer data.
- We apply sanitization and obfuscation procedures whenever possible to better protect customer data.
Application Security and Product Security
- We build code scanning into the Software Development Lifecycle (SDLC) and Continuous Integration and Continuous Deployment (CI/CD).
- We adopt a continuous testing approach by regularly conducting external and internal penetration testing.
- We enhance our continuous testing capability with our bug bounty program.
- We leverage a Web Application Firewall to better protect Justworks in real time.
Identity and Access Management
- We enable multi-factor authentication for Justworks applications and other internally used applications and tools.
- We leverage a password vault and a secret manager to protect privileged accounts.
- We enhance our onboarding and offboarding process to tighten identity governance and assurance.
- We adopt role-based access control to manage access and entitlement, focusing on least privilege and need-to-know principles.
Endpoint and Infrastructure Security
- We leverage Endpoint Detection and Response (EDR) technology on both endpoints and cloud workloads to detect malware and malicious activities, and block attacks.
- We adopt an automated cloud deployment process with a defined change management process, and we proactively monitor cloud configurations.
- We apply firewall, intrusion detection, VPN, and other network security controls to protect our network and infrastructure.
- We constantly scan for vulnerabilities in the cloud and perform patch management and vulnerability remediation in a timely manner.
Monitoring and Incident Response
- We adopt Security Information and Event Management (SIEM) technology to better monitor and correlate logs.
- We manage cloud posture by closely monitoring assets, activities, and vulnerabilities, as well as maintaining a good security posture.
- We follow a documented Incident Response Process and Crisis Management Process in the event of a security incident.
- We conduct regular table-top exercises to improve incident response capabilities.
We know we are trusted with very sensitive information, and we take that responsibility very seriously. We have strict and clear security policies and regularly keep our team up-to-date on best practices.
If you have further questions, don’t hesitate to contact us at support@justworks.com. We’ll be happy to answer.
Disclaimer
This material has been prepared for informational purposes only, and is not intended to provide, and should not be relied on for, legal or tax advice. If you have any legal or tax questions regarding this content or related issues, then you should consult with your professional legal or tax advisor.