Information Security Statement
As J. J. Keller serves customers across North America – and uses advanced technologies to innovate leading-edge safety and compliance solutions – we are committed to protecting our customers’ data. This Information Security Statement provides general information about the policies, controls, procedures and other practices we use to protect that data.
Information Security Policy
J. J. Keller maintains written information security policies that, among other things, define our employees’ responsibilities and acceptable use of the data we hold and our information technology resources. We regularly review these policies, at least annually, and update them as necessary.
We do not authorize any J. J. Keller employee to access any data or J. J. Keller information technology resources until the employee provides us a signed acknowledgement form indicating that the employee has read, understands, and agrees to comply with our applicable written information security policies.
All new J. J. Keller employees receive training on information security requirements during the onboarding process and all current J. J. Keller employees participate in annual data security awareness training.
Compliance and Certifications
J. J. Keller achieved and maintains ISO 27001 certification for our information security management system. A copy of the certificate may be provided upon request.
We annually obtain a SOC 2 Type II compliance report for the trust principles of Security, Availability, and Confidentiality from a nationally-recognized independent audit firm.
J. J. Keller complies with the Payment Card Industry Data Security Standards (PCI DSS) for securing cardholder data J. J. Keller receives or otherwise is able to access. We achieve compliance through the completion of an appropriate SAQ (self-assessment questionnaire).
We conduct annual internal audits of our information technology and resources. Our internal auditors possess a wide range of certifications, including CISSP, CISA, CPA, PMP and PCIP.
The J. J. Keller ELD System meets the technical requirements for electronic logging devices under the Federal Motor Carrier Safety Regulations (FMCSR). The J. J. Keller ELD system also meets the high criticality cybersecurity requirements for electronic logging devices identified in the National Motor Freight Traffic Association’s (NMFTA) Cyber Security Considerations for Telematics Systems.
J. J. Keller’s services are designed to comply with the HIPAA Security Rule to ensure any of our customers’ data that constitutes protected health information is secure.
J. J. Keller’s services are designed to comply with FERPA’s requirements to protect any of our customers’ data that constitutes student education records from unauthorized access, destruction, use, modification or disclosure.
Supplier and Vendors
J. J. Keller closely manages its vendors and suppliers using risk management principles. We evaluate all the security practices of our vendors and suppliers to ensure they maintain and adhere to appropriate security practices. Our vendors and suppliers are subject to appropriate confidentiality and security requirements under our agreements with them.
If you have any questions about our information security practices, contact us.