In September 2022, we received our audit report on SOC 2 compliance from an independent auditor, ensuring that we meet the latest security standards. This report shows our Enterprise customers how we designed and independently tested our security controls, so they are confident that their data is secure. That’s why we’ve become SOC 2 Type II-compliant — giving both our users and our company more peace of mind.
SOC 2 Trust Principles
Jotform abides by the five SOC 2 Trust Service Principles: security, availability, processing integrity, confidentiality, and privacy. Read on for more information on each principle.
Security
Jotform ensures that your form data and responses are protected against unauthorized access. Your Jotform Enterprise data is hosted on dedicated servers that are compliant with high security standards. You can also add password protection to your forms and ensure that all form submissions are encrypted for your safety. Enabling multifactor authentication (MFA) on your Jotform account is another way to stop hackers in their tracks.
Availability
Jotform Enterprise systems have an SLA of 99.5 percent uptime and are monitored for anomalies on a 24-7 basis. Server and network health is managed to ensure high performance and consistent system operations. The system is built to detect and mitigate security incidents, and if disaster strikes, Jotform follows a rigorous disaster recovery plan.
Processing Integrity
Jotform follows strict policies and controls to ensure that access to your data is restricted to authorized users. As an Enterprise customer, you own your submission data, which cannot be viewed by Jotform personnel without your permission. Data is stored in an encrypted format and our data processing is designed to fully satisfy both your organization’s objectives and regulatory frameworks.
Confidentiality
At Jotform, we further protect your business’s data by allowing you to set granular access restrictions on both your forms and form submissions. Forms can easily be password protected and submissions are encrypted and available only to the form owner by default, unless you decide to share them with another authorized user.
Privacy
Jotform’s robust privacy features safeguard any personally identifiable information from unauthorized access. That includes names, social security numbers, and addresses — as well as identifiers such as race, ethnicity, and health information — meeting the same privacy standards required by regulations like HIPAA.
Jotform Servers Are SOC 2-compliant
Enterprise customers can request to have their servers provisioned in our SOC 2-compliant environment. This allows you to deploy custom forms and apps on our hosted platform on systems secured and managed by Jotform that are compliant with these controls.
Physical Server Security
No matter what kind of data you manage, it’s safe with Jotform Enterprise. Jotform servers are hosted in Google Cloud, meaning Google is responsible for the physical security controls over the data centers hosting Jotform’s infrastructure. We’re proud to partner with such trusted services and committed to operating effectively and keeping your data safe.