JoveWhizz implements information security and cybersecurity controls to protect survey data, respondent data, research databases, and client information from unauthorised access and threats. Our security framework follows industry standards and best practices for data security, data breach prevention, and cyber risk management, ensuring the confidentiality and integrity of all research data.
JoveWhizz maintains an information security management system aligned with internationally recognised standards. The security framework encompasses policies, procedures, and information security controls designed to protect the confidentiality, integrity, and availability of research data and systems. Regular security audits and cybersecurity audits evaluate the effectiveness of these controls.
The framework is supported by executive oversight, dedicated security resources, and a culture of security awareness reinforced through security awareness training and cybersecurity awareness training programmes. Security policies are documented, accessible, and regularly reviewed to address emerging threats. Business continuity and disaster recovery arrangements ensure operational resilience in the event of security incidents or system disruptions.
Access to research data and systems is controlled through role-based access controls, least privilege principles, and strong authentication mechanisms. Access rights are granted based on business need and reviewed periodically.
Multi-factor authentication is required for access to sensitive systems and remote access. User access is logged and monitored, and accounts are promptly deactivated when no longer needed.
JoveWhizz secures its network infrastructure through firewalls, intrusion detection and prevention systems, network segmentation, and regular vulnerability assessments. Data in transit including survey responses and interview recordings is protected using encryption protocols.
Cloud infrastructure used for research data processing including panel data and research databases is evaluated for security posture and compliance with applicable standards. Security controls are configured in accordance with industry best practices and vendor recommendations.
All devices used to access research data are subject to endpoint security controls including antivirus software, encryption, device management, and security patching. Bring Your Own Device (BYOD) usage is governed by a security policy.
Mobile devices and portable media are subject to additional controls to prevent data loss. Remote work policies ensure that research data remains protected regardless of where employees are working.
JoveWhizz operates a vulnerability management program that includes regular scanning, patch management, and remediation of identified vulnerabilities. Security updates are applied in accordance with risk prioritisation as part of our cyber risk management approach.
Penetration testing and security audits are conducted periodically to evaluate the effectiveness of security controls. Findings are documented, prioritised, and remediated through a structured process. Cybersecurity audit results are reported to management and used to drive continuous improvement.
JoveWhizz monitors systems and networks for security events and anomalies through security monitoring capabilities that support threat detection and threat intelligence gathering. Security information and event management tools provide real-time visibility into potential threats and enable rapid response through a Security Operations Center (SOC) function.
An incident response plan defines procedures for detecting, responding to, and recovering from security incidents. Incidents are documented, investigated, and lessons learned are incorporated into security improvements. Business continuity and disaster recovery plans ensure that research operations can be maintained or restored in the event of a major security incident.
What security standards does JoveWhizz follow?
JoveWhizz aligns its security framework with internationally recognised standards including ISO 27001 and industry best practices for information security management.
How does JoveWhizz protect research participant data?
Participant data is protected through access controls, encryption, network security, endpoint security, and security monitoring. All systems handling respondent data are subject to regular security audits and vulnerability assessments.
How is research data encrypted?
Data in transit is encrypted using TLS protocols. Data at rest is encrypted on servers, endpoints, and portable devices. Encryption keys are managed securely with restricted access.
Does JoveWhizz perform vulnerability scanning?
Yes. Regular vulnerability scanning is conducted across networks, systems, and applications. Identified vulnerabilities are prioritised and remediated through a structured patch management process.
How does JoveWhizz protect data in transit?
Data in transit is protected using encryption protocols including TLS. Network security controls such as firewalls and intrusion prevention systems provide additional protection.
Does JoveWhizz conduct penetration testing?
Yes. Penetration testing and security assessments are conducted periodically to evaluate the effectiveness of security controls and identify areas for improvement.
How are security incidents handled?
JoveWhizz has an incident response plan that defines procedures for detection, response, containment, eradication, recovery, and post-incident review.
Is multi-factor authentication required?
Yes. Multi-factor authentication is required for access to sensitive systems and remote access to research data and systems.
How often are security controls reviewed?
Security controls are reviewed continuously through monitoring, with formal assessments conducted periodically including vulnerability scans and penetration tests.
Questions about information security and cybersecurity? Contact JoveWhizz for more information.
Contact Us