ISO 27001 Information Security

JoveWhizz aligns its information security practices with ISO 27001, the international standard for information security management systems. ISO 27001 provides a systematic framework for managing sensitive information, ensuring data confidentiality, integrity, and availability across all research operations.

Information Security Framework

Security Controls in Research Operations

JoveWhizz implements a comprehensive set of information security controls aligned with ISO 27001 Annex A. These controls cover information security policies, organisation of information security, human resource security, asset management, access control, cryptography, physical security, operations security, communications security, and business continuity.

Research data is protected using industry-standard encryption mechanisms for data in transit and at rest, together with appropriate access controls and monitoring procedures. Regular security assessments and penetration testing identify and address vulnerabilities. Staff receive annual information security training and are required to follow data handling policies and procedures.

Third-Party Risk Management

JoveWhizz evaluates third-party suppliers, panel providers, cloud platforms, and subcontractors handling research data. Appropriate contractual, security, confidentiality, and data protection controls are applied to reduce third-party information security risks.

Supplier security assessments are conducted during onboarding and reviewed periodically. JoveWhizz maintains documented agreements with third-party partners that include security, confidentiality, and data protection requirements.

Business Continuity and Disaster Recovery

JoveWhizz maintains business continuity and disaster recovery procedures designed to support the continued availability of critical research systems, data, and client services in the event of operational disruption, cyber incidents, or infrastructure failures.

Business continuity plans are reviewed and tested periodically to ensure effectiveness. Recovery objectives are defined for critical systems and data to minimise operational impact during disruptive events.

Secure Systems and Application Security

Research platforms, databases, and supporting systems are configured using secure design principles. Security reviews, vulnerability assessments, patch management, and access controls help reduce operational and cyber security risks.

Change management procedures ensure that modifications to systems and applications are reviewed, tested, and authorised before deployment. Security requirements are incorporated into system design and development processes.

Information Classification

Information assets are classified according to sensitivity and business impact. Security controls are applied proportionately to protect confidential client information, personal data, and proprietary research outputs.

Classification labels guide handling, storage, transmission, and disposal procedures, ensuring that sensitive research information receives appropriate protection throughout its lifecycle.

Security Awareness and Training

Employees, contractors, and authorised personnel receive regular information security and privacy awareness training covering data protection, phishing prevention, access management, and secure handling of research information.

Security training is updated to address emerging threats. Role-specific training ensures that personnel handling sensitive research data understand their security responsibilities.

Frequently Asked Questions

What is ISO 27001?

ISO 27001 is the international standard for information security management systems, providing a framework for establishing, implementing, maintaining, and continually improving information security.

How does ISO 27001 protect research data?

ISO 27001 requires systematic risk assessment, security controls, access management, incident response, and continuous monitoring to protect information assets including research data.

Is ISO 27001 certification mandatory?

ISO 27001 certification is not legally required, but it demonstrates commitment to information security and is increasingly expected by clients, particularly in financial services and healthcare research.

How does JoveWhizz handle data breaches?

JoveWhizz maintains an incident response plan aligned with ISO 27001 requirements, including detection, containment, eradication, recovery, notification, and post-incident review procedures.

How does JoveWhizz manage third-party security risks?

Third-party suppliers are evaluated through security assessments, contractual safeguards, and periodic reviews to ensure appropriate protection of research data and client information.

What business continuity measures does JoveWhizz have in place?

JoveWhizz maintains business continuity and disaster recovery procedures for critical research systems and data, including periodic testing to ensure effectiveness.

Questions about information security in market research? Contact JoveWhizz for more information.
