JAGGAER is committed to having comprehensive security standards across our applications and business units that meet or exceed industry best practices and customers’ expectations. Our technical and organizational security measures are designed to protect your personal data against (i) accidental or unlawful destruction, loss or alteration, (ii) unauthorized disclosure and (iii) unauthorized access.
JAGGAER classifies all data based on risk and treats all customer information as confidential. Some data is categorized as sensitive information and is managed using additional safeguards, including encryption requirements.
JAGGAER utilizes identity and access network management and role-based access to ensure that employees’ privileges are limited to only that data necessary for performing their job functions. All employees are subject to confidentiality agreements and receive annual training on JAGGAER’s information security policies and procedures, including appropriate data handling, storage and disposal practices. JAGGAER also thoroughly vets and manages all third-party service providers to ensure our service providers are protecting and managing any personal data they access in compliance with (i) JAGGAER’s privacy and security standards, (ii) requirements set forth in our customer agreements and (iii) all applicable data privacy laws. All JAGGAER offices and data storage locations are protected by physical security measures that meet or exceed industry best practices.
All of JAGGAER’s computer systems are configured in accordance with current technical standards and procedures, including anti-virus software; other standard security controls, including preventative controls and detective controls; and approved operating system version and software patches. JAGGAER’s systems are regularly updated and these updates are automatically installed on all company devices. Additional security measures employed by JAGGAER include: password requirements; perimeter controls; data and network segmentation; encryption; data and media disposal procedures; log management; retention procedures; and disaster preparedness procedures. Employees are prohibited from accessing company data from unencrypted personal devices and the use of personal electronic devices to connect to the JAGGAER network or to access company email accounts is restricted to devices with appropriate security features. All remote access to the network requires a secure connection.
These policies and procedures are regularly reassessed and updated to reflect the current state of technology and relevant risks.