Managing an organization’s technology stack can be challenging. In addition to looking for solutions that deliver a great user experience and play nicely with existing systems, you need to ensure that anything you implement complies with all the regulations applicable to the data you manage and the locations where you do business.
Jotform Enterprise helps you deliver on all fronts with:
- Single sign-on integrations for secure access
- User management and activity monitoring
- Submission data reporting to respond to requests for information
- Auto-delete features to systematically purge data
- Local data residency center and data localization for secure storage where you need it
- Service-level agreements for peace of mind
- A no-code, drag-and-drop experience for tech-wary workers
Ensuring security best practices
Creating a safe environment for your organization’s data means ensuring the people who interact with that data access it through a secure system. A recent survey of IT experts, employees, and cybersecurity personnel found that 45 percent of people reuse passwords for multiple sites or applications, and 52 percent share their passwords with colleagues, friends, and family members. Perhaps that’s why 80 percent of data breaches result from poor or reused passwords.
You can encourage security best practices with guidelines for password creation and protection. Fortunately, Jotform Enterprise integrates with many of the most popular single sign-on (SSO) identity providers, including Microsoft, Google, Okta, Duo, and OneLogin, so you can be sure users access their forms and information through a secure portal.
Most security-conscious organizations implement two-factor or multifactor authentication (MFA) through their SSO provider. Those security measures carry over automatically to Jotform Enterprise, both for form administrators and for form fillers, if enabled.
The SSO feature also allows you to prefill forms with existing user data to boost efficiency and help you maintain cleaner records. Restricting data access to verifiable users, not some entity claiming to be them, provides peace of mind and reassures those who trust you with their information.
To take data security a step further, Jotform Enterprise features admin and user roles with an Admin Console to help you track submission activity, manage user access, report on data, monitor activity, and more.
Keep your finger on the pulse of your organization’s forms and data right from the dashboard. Navigate across the tabs to monitor user activity and login history, track form creation and changes, and view submission edits and deletions. You can also build reports and download user activity and forms as needed.
The multiuser team structure of Jotform Enterprise gives you complete control over your organization’s data in one centralized location. Add or remove users and customize access with a click to minimize disruptions when someone takes time off or leaves the organization.
Because forms are relatively ubiquitous in the business world, it’s not uncommon for several individual employees in an organization to have their own Jotform accounts. Having multiple single-user licenses (compared to one centrally managed multiuser account) poses several concerns.
First, the forms and data collected through single-user accounts technically belong to that user. If and when they leave an organization, their forms and data leave with them. With Jotform Enterprise, the administrator can simply reassign the seat to another user and retain the forms and data for the organization.
Second, single-user plans are disconnected, eliminating the ability to share and collaborate on forms and access other users’ account data. When evaluating data management systems, don’t overlook the value of collaboration, as it can be a tremendous force for business growth.
Research from McKinsey shows that intensive users of customer analytics are 23 times more likely to outperform their competitors in new customer acquisition than non-intensive users and almost 19 times more likely to achieve above-average profitability.
Finally, multiple single-user accounts make auditing data problematic. For IT audit purposes, every access of submission data needs to be traceable to a unique individual with their own identifiable login credentials. Single-user plans aren’t structured to share data, so users often share a login. Sharing logins is not only poor IT practice but also a violation of Jotform’s terms of service.
The benefits of a local data residency and customer success team
Jotform Enterprise clients benefit from individualized services that enhance data security and platform adoption.
You have the option to white label your forms and apps with a custom domain and branding. A custom domain and branded user experience reassure those clicking on your forms that they have landed in the right place, improving form completion rates.
And, because you can easily share forms using Jotform Enterprise’s multiuser environment, you can create branded form templates for use across multiple departments, speeding platform adoption and ROI while boosting team efficiency.
Jotform Enterprise clients also have a dedicated customer support team to help make the most of the platform. While the no-code, drag-and-drop user experience makes it easy for anyone to build a custom form in minutes, your dedicated support team can help you fine-tune customizations and increase efficiency with real-time support.
Rounding out the services available through Jotform Enterprise is a local data residency center to store your organization’s forms and information, which can be up and running in one business day. Keeping organizational data shielded in a local data residency center significantly reduces the potential for security risks and contamination from other sources. You’ll also benefit from greater reliability and reduced site latency.
With a local data residency center, you have complete control over where your server is located and in what location your data is stored, which is critical if you conduct business in locations that have data residency or geolocalization requirements. For instance, if you do business in the U.S., U.K., Australia, or Canada, you likely need a localized storage solution for customer data.
A solid understanding of privacy rights and regulations is essential for anyone collecting, viewing, or managing personal data. While regulatory obligations may not be the most exciting topic for the layperson, being well-versed in this area is arguably preferable to a visit from an auditor or attorney.
Depending on your organization’s location and the type of information it collects, it could be subject to the following laws:
- General Data Protection Regulation (GDPR)
- Australian Privacy Principles (APPs)
- California Consumer Privacy Act (CCPA)
- Health Insurance Portability and Accountability Act (HIPAA)
Let’s look at how Jotform Enterprise can help you comply with these critical pieces of legislation.
Meeting General Data Protection Regulation (GDPR) standards
Europe’s data privacy and security law, the GDPR, may be the world’s strictest privacy and security law. Any organization that collects data on people in the European Union (EU), regardless of that organization’s location or headquarters, must be able to demonstrate GDPR compliance.
Failing to meet these standards can erode public trust and fiscal reserves. The penalties for violating the GDPR top out at 20 million euros or 4 percent of global revenue, whichever is higher.
To prove compliance with GDPR, organizations need documented data protection and ownership responsibilities, two-factor authentication, and end-to-end encryption. Jotform Enterprise makes this simple with single sign-on integrations and user management via the Admin Console, as mentioned above. Jotform Enterprise also offers end-to-end encryption, whether your data is in transit or at rest.
In addition, your data storage system needs to accommodate the privacy rights of individuals as outlined by GDPR, which includes the right to access, erasure, and data portability. Your data management system must enable searches for data records tied to an individual, exports of that data, and the option to delete all data, depending on the request.
Using the Data tab in the Admin Console, Jotform Enterprise administrators can create a report of all submission data tied to an email address, view submission data by form, and delete that submission data by form or for all forms. When it’s best not to store data, you can use the Auto-Delete Submissions feature to delete form submission data automatically within a designated time period.
If your organization needs to comply with a request for information submitted, and the information isn’t tied to a HIPAA-friendly form, you can access this data using Jotform Tables.
From the main Jotform Tables page, hover over your avatar in the upper right corner and click Settings. Next, click Data from the menu on the left and select the Export Data option. From there, you’ll be able to request an export of your data and download it to review and search across all your form submission data.
Australian Privacy Principles (APP) Guidelines and Jotform Enterprise
According to a recent survey, 87 percent of Australians want more control and choice over the collection and use of their personal information. Laws and regulations in Australia related to data collection and individual privacy rights apply to specific entities as outlined by the office of the Australian Privacy Commissioner.
Under the APP, an individual can object to the processing of their personal data. Businesses must take reasonable steps to destroy or de-identify personal information no longer needed for a specific purpose. Additionally, when responding to requests for personal information, businesses must provide that information in the manner requested by the individual.
Jotform Enterprise gives you peace of mind by enabling you to comply with the APP Guidelines and act in line with the prevailing attitudes of Australia’s citizens.
Complying with California’s Consumer Privacy Act using Jotform Enterprise
Consumers in California are protected by the California Consumer Privacy Act (CCPA), which gives them the right to request the data companies have collected from them and to have that data deleted. Jotform Enterprise enables you to search for, download, and delete data in order to respond to CCPA-related requests.
If you need to retrieve submission data for a requestor, use the data export feature in the Jotform Tables Settings menu (explained above) to export and download all form data. Once downloaded, you can search the records for submissions from that individual.
To comply with someone’s “right to be forgotten” or a request to delete all the submission data provided by an individual, go to the Admin Console. Use the Data tab to search by email address and view all the form submission data tied to that email.
Then use the Select All and Delete All options to erase all the selected submission entries.
To proactively minimize the amount of data you store on users, enable the Auto-Delete Submissions feature on your forms to automatically schedule the deletion of data after a designated period of time.
Using Jotform Enterprise to support HIPAA compliance
Organizations that manage data subject to HIPAA regulations must abide by much stricter practices for storing and accessing data in order to protect sensitive health information and personally identifiable information.
Jotform Enterprise HIPAA accounts are served from an isolated HIPAA system, where we take additional measures to avoid unintentional data breaches. For that reason, healthcare providers worldwide choose Jotform Enterprise and our HIPAA-friendly servers to meet their needs.
The multiuser structure of Jotform Enterprise provides a secure environment where you can trace every access of protected health information (PHI) to a unique individual with their own identifiable login credentials, which HIPAA requires.
Additionally, HIPAA-friendly forms are designed so that data is protected and access is carefully controlled. Only a form owner can access or authorize others to access form data.
Additional protections to help you maintain HIPAA compliance include built-in limitations for integrations, file uploads, form ownership, and form cloning. Plus, all data is encrypted in transit, end to end, and at rest. Log data is also encrypted to mitigate the risk of ePHI stored in log files.
You can learn more about the differences between regular and HIPAA-friendly servers here.
Rest easy with security features from Jotform Enterprise
Most organizations rely on their data for daily operations and decisions. Securing organizational data is paramount for basic functionality and to preserve your organization’s reputation with the public.
Jotform Enterprise has the features necessary to help you maintain the highest security standards, so you can rest easy. Find more information about Jotform’s security practices here.
1 Comment:
More than a year ago
I had asked someone to contact me regarding enterprise but have not heard from anyone. We are currently using a bronze level and an additional account for HIPAA compliant forms. My office number is 502-813-4808 if someone can call me between 7am and 5pm eastern time, Monday through Thursday. Thank you.