PCI-DSS compliance: Is the submission data now encrypted?

  • Profile Image
    Lindbergh 
    Asked on October 28, 2018 at 07:08 PM

    Hi Support team,


    Can you please advise if the data at rest is now encrypted when stored on the AWS or Google servers after you have attained PCI-DSS compliance in September 2018?


    Cheers

    Lindbergh

  • Profile Image
    ashwin_d
    Answered on October 29, 2018 at 03:20 AM

    Please note that submission data is not encrypted by default unless you manually enable encryption in form. You may like to take a look at the following guide on how enable encryption in form:  https://www.jotform.com/help/344-Encrypted-Forms-and-How-to-Use-Them

    Hope this helps.

    Do get back to us if you have any questions.

  • Profile Image
    Lindbergh 
    Answered on October 30, 2018 at 08:53 PM

    Thanks for the response.

  • Profile Image
    Lindbergh 
    Answered on November 20, 2018 at 07:08 PM

    Hi Jotform Support,


    Just a follow-up query here, just to clarify do you any disk-level encryption? i.e. in the event the disk containing our data is lost we have confidence that our data is not exposed. This would be different from file-level encryption which i assume is the "Encrypted Forms".

    Hence for customers who don't enable encrypted forms how is their data protected when transferred to a backup tape etc. 

  • Profile Image
    ashwin_d
    Answered on November 21, 2018 at 01:20 AM

    Let me forward your query to our backend team. We will get back to you as soon as we have any update on this. 

  • Profile Image
    uygar
    Answered on November 22, 2018 at 01:32 AM

    Hi,

    We use Google and AWS servers for all data related transfers. They have a disk-level encryption by default on their disks. 

  • Profile Image
    Lindbergh 
    Answered on November 25, 2018 at 04:30 AM

    Thanks, this is heaps helpful.