Jotform Enterprise

SOC 2 Compliance

At Jotform, we’re committed to providing the highest level of data security, so our users know their information is in good hands. We’re happy to announce that Jotform Enterprise now offers a SOC 2 Type II-compliant solution.

About SOC

In September 2022, we received our audit report on SOC 2 compliance from an independent auditor, ensuring that we meet the latest security standards. This report shows our Enterprise customers how we designed and independently tested our security controls, so they are confident that their data is secure. The independent assessment gives both enterprise customers and end users more peace of mind.

SOC 2 Trust Principles

Jotform Enterprise abides by the five SOC 2 Trust Service Principles: security, availability, processing integrity, confidentiality, and privacy. Read on for more information on each principle.

  • Security

    Jotform ensures that your form data and responses are protected against unauthorized access. Your Jotform Enterprise data is hosted in local data residency centers that comply with high security standards. You can also add password protection to your forms and ensure that all form submissions are encrypted for your safety. Enabling multifactor authentication (MFA) on your Jotform Enterprise account is another way to stop hackers in their tracks.

  • Availability

    Jotform Enterprise systems have an SLA of 99.5 percent uptime and are monitored for anomalies on a 24/7 basis. Server and network health is managed to ensure high performance and consistent system operations. The system is built to detect and mitigate security incidents, and if disaster strikes, Jotform follows a rigorous disaster recovery plan.

  • Processing Integrity

    Jotform follows strict policies and controls to ensure that access to your data is restricted to authorized users. As an Enterprise customer, you own your submission data, which cannot be viewed by Jotform personnel without your permission. Data is stored in an encrypted format and our data processing is designed to fully satisfy both your organization’s objectives and regulatory frameworks.

  • Confidentiality

    At Jotform, we further protect your business’s data by allowing you to set granular access restrictions on both your forms and form submissions. Forms can easily be password protected and submissions are encrypted and available only to the form owner by default, unless you decide to share them with another authorized user.

  • Privacy

    Jotform’s robust privacy features safeguard any personally identifiable information from unauthorized access. That includes names, social security numbers, and addresses — as well as identifiers such as race, ethnicity, and health information — meeting the same privacy standards required by regulations like HIPAA.

    Learn more about Jotform’s security policies.

SOC 2-compliant Jotform Servers

Enterprise customers can request to have their servers provisioned in our SOC 2-compliant environment. This allows you to deploy custom forms and apps on our hosted platform on systems secured and managed by Jotform that are compliant with these controls.

Physical Server Security

No matter what kind of data you manage, it’s safe with Jotform Enterprise. Jotform servers are hosted in Google Cloud, meaning Google is responsible for the physical security controls over the data centers hosting Jotform’s infrastructure. We’re proud to partner with such trusted services and committed to operating effectively and keeping your data safe.

If you are an existing Jotform Enterprise customer, please contact your account representative to receive a copy of the SOC 2 report. If you are not currently a Jotform Enterprise customer, please contact our team and a representative will reach out to you with details. To learn more about SOC 2 Type II compliance and what it means for your organization, click the link below to watch our informational webinar.