SOC 2 Compliance

JoveWhizz adheres to SOC 2 trust service criteria to safeguard market research data, ensuring security, availability, and confidentiality across every stage of the research lifecycle.

Security and Availability Controls

Our security framework enforces access controls, encryption at rest and in transit, and continuous monitoring to protect against unauthorised access. We implement role-based access controls (RBAC) and multi-factor authentication across all research platforms, ensuring that only authorised personnel interact with client data.

Availability is maintained through redundant infrastructure, automated failover mechanisms, and proactive performance monitoring. Our service-level commitments guarantee that research dashboards, data collection tools, and reporting systems remain accessible with a target uptime of 99.9%.

Confidentiality and Processing Integrity

Confidentiality agreements, data classification policies, and strict handling procedures ensure that proprietary research data remains protected throughout processing. We employ data loss prevention (DLP) tools and encrypt sensitive datasets using AES-256, with key rotation schedules aligned to industry best practices.

Processing integrity guarantees that market research data is collected, transformed, and reported accurately. Automated validation pipelines, audit trails, and reconciliation checks verify that outputs match source inputs, giving clients full confidence in the reliability of our research deliverables.

Control Environment and Monitoring

JoveWhizz maintains a comprehensive system of internal controls aligned to the SOC 2 framework. Our policies cover personnel background checks, security awareness training, vendor oversight, and change management procedures. Regular internal audits assess control effectiveness and drive continuous improvement.

We deploy continuous monitoring tools including intrusion detection systems, security information and event management (SIEM) platforms, and vulnerability scanners. Logs are retained for forensic analysis, and anomalies trigger automated incident response workflows to contain and remediate risks promptly.

Risk Assessment and Third-Party Oversight

Risk assessments are conducted quarterly to identify, evaluate, and mitigate threats to the trust service criteria. We map risks to specific controls and assign ownership to control owners who track remediation progress through a centralised risk register.

Third-party vendors and subcontractors handling research data undergo SOC 2 pre-qualification, contractual security obligations, and periodic reassessments. Our vendor management program ensures that all partners maintain equivalent control standards, preserving end-to-end data protection across the research supply chain.

Frequently Asked Questions

What is SOC 2 compliance?

SOC 2 is an auditing framework developed by the American Institute of CPAs (AICPA) that evaluates a service organisation's controls over security, availability, processing integrity, confidentiality, and privacy.

Does JoveWhizz have a SOC 2 Type II report?

Yes. JoveWhizz undergoes annual SOC 2 Type II audits conducted by an independent CPA firm, with the most recent report covering a 12-month evaluation period.

Which trust service criteria apply to JoveWhizz?

We are evaluated against security, availability, confidentiality, and processing integrity. Privacy is addressed through a complementary GDPR and CCPA compliance program.

How often are your SOC 2 controls tested?

Controls are tested continuously through automated monitoring and formally reassessed during the annual Type II audit. Ad-hoc tests are performed after major system changes.

Can clients request a copy of the SOC 2 report?

Yes. Clients with a valid non-disclosure agreement in place may request a copy of our SOC 2 Type II report from their account manager.

What encryption standards does JoveWhizz use?

We use AES-256 for data at rest and TLS 1.3 for data in transit. Encryption keys are managed through a hardware security module with automatic rotation.

Are sub-processors SOC 2 certified?

All sub-processors are required to maintain SOC 2 certification or equivalent accreditation. Their reports are reviewed during onboarding and annually thereafter.

How does JoveWhizz handle SOC 2 evidence retention?

Evidence is retained for a minimum of three years in a tamper-proof audit log system. Retention schedules comply with AICPA requirements and client contractual obligations.

Learn More About Our Compliance Program

Contact our compliance team to discuss SOC 2 requirements, request our audit report, or schedule a security review.
