Data Security Program
- J. J. Keller requires all associates working remotely to use multifactor authentication.
- We also employ a third-party managed security service provider to maintain and run a Cloud SIEM. They provide 24/7 security event monitoring, response, and alerting.
- Every J. J. Keller associate participates in annual data security and privacy awareness training.
- In addition, we conduct annual phishing training and monthly simulated phishing email exercises with 100% of our workforce. Anyone failing the phishing exercise receives immediate retraining. Results of monthly simulations are published on the company's intranet and are tied to the company's progressive discipline policy.
- J. J. Keller is certified to ISO 27001:2013 for our information security management system.
- We annually obtain a SOC 2 Type II compliance report audited to the Security, Availability, and Confidentiality Trust Services Criteria by a nationally recognized independent audit firm.
- J. J. Keller complies with the Payment Card Industry Data Security Standards (PCI DSS) for securing cardholder data and is self-certified.
- All J. J. Keller associates are required to sign a confidentiality agreement upon hire and annually thereafter through our Ethics Policy & Code of Conduct training.
- Supply chain vendors are evaluated for security practices to ensure their practices meet the same level of rigor as J. J. Keller’s practices.
- J. J. Keller performs an annual internal audit of our systems and processes with auditors possessing certifications including CISSP, CISA, CPA, PMP and PCIP.