CLOUD AND HOSTED COMMUNITIES

Jive Data Centers
The data centers where your information is currently hosted by us have multiple security controls which are discussed in white papers that your Account Manager may provide upon request. At a high level, these controls are validated as part of our ISO 27001 and SOC 2 controls, which are externally audited and certified on an annual basis. These controls mitigate the risk of your data being recovered from a physical hard drive if it is stolen by:

• Having strong life-cycle management of the storage arrays

• Controlling physical access to them.

Amazon Web Services Cloud
Once migrated from the Jive data centers to the Amazon Web Service (AWS) Cloud, customer instances will benefit from encryption-at-rest by default. The migration is planned to happen during 2018. Customers who would like a bridge solution that incorporates encryption at rest before their migration to AWS should contact their Account Manager to find out about our current encryption at rest sales offering.

ON-PREMISE CUSTOMERS

On-premise customers are responsible for the security of their Jive installation and data.

Jive already encrypts all traffic between cloud/hosted/on-premise servers and users’ web browsers, as well as between Jive servers and third party services/ software.

Jive’s internal server-to-server communications are protected through network isolation for each customer’s server cluster.

Jive customers can already remove data when necessary using the existing APIs or existing user interface.

Jive performs backups on the following schedule: daily for 7 days, weekly for 5 weeks, and monthly for 3 months.

Jive will update its development processes to include data privacy reviews during architecture, design, implementation, and testing.

As part of our privacy-by-design measures, Jive will internally document where personal data is used within different Jive components.

Jive provides an existing API to download a profile in JSON.

Jive provides an existing API to update user profiles. Jive will update the existing API in the upcoming versions to handle certain fields that cannot be updated via the API today and can only be updated through the user interface (e.g., username). Furthermore, the existing API will leverage the data mapping of personal data to ensure that all subsystems properly reflect the changes to personal data.

Jive provides an existing API to download a user profile as well as any associated user content into a JSON format with additional links to any uploaded files.

Jive uses JSON as a common format, which is standard across the software industry as well as human-readable.

Jive provides an existing API to delete a user.
Jive will update the existing API in the upcoming versions with new functionality to provide  greater flexibility:

• Soft-delete: This option will delete a user’s personal data without deleting the content associated with the user. This may be useful in preserving corporate memory or complying with other regulations around data retention.

• @mentions: This option will scrub all @mentions of a given user. This can be achieved with existing APIs but will be much easier with this new option.

• Delete propagation: Jive has created and will maintain a data mapping of personal data to ensure that personal data is properly removed from all of Jive’s subsystems.

Jive provides an API to allow an individual’s consent to be automated.

Jive provides existing user interface functionality for a “Terms and Conditions” screen.  An administrator may enable this functionality and include a privacy statement from your company that describes why you need to collect personal data and request consent for the collection, processing, and use of personal data.

Jive will create a new cookie banner to notify users that Jive uses cookies.