3 Replies Latest reply on Nov 30, 2017 2:40 PM by Jeff Shurtliff

    Are Jive Software's information security practices documented anywhere?

    Jeff Shurtliff

      We are required to perform a risk assessment on our third-party vendors relating to Information Security as part of our GRC program and I'm wondering if Jive has any of their practices documented or if I need to engage Jive Support for all of them.  Can anyone point me in the right direction?

       

      For example, these are some of the questions that we have to answer regarding Jive Software / Aurea:

      • Are new hires, temporary workers, and contractors required to sign an information confidentiality agreement?
      • Does the organization maintain a dedicated staff to manage physical and electronic security?
      • Has one individual been appointed within the organization that is accountable for overall information security?
      • Does a data handling policy exist and is the policy reviewed and reaffirmed on annual basis, and communicated to affected stakeholders at least annually?
      • Are security incidents promptly reported to a responsible individual for investigation?
      • Is there an information security incident response team ready to be deployed in the event of known or suspected unauthorized access to sensitive information?

       

      So far the only security-related documentation I've found on JiveWorks is this:  Jive Software Security Vulnerability Monitoring Process