Security center
Last updated: 2026-04-01
Security is never a slogan. Below is how Jumborca implements security from product to organization — with enough detail for your security team to evaluate.
1. Organization & process
Certified to ISO 27001 Information Security Management. Annual external penetration testing. Annual security & privacy training for all staff.
2. Product security
Mandatory SDLC code review, SAST and dependency scanning. Critical paths verified via formal methods and replay tests. All decision events are signed and logged.
3. Encryption
TLS 1.2+ in transit. AES-256 at rest. KMS / HSM supported. Keys may be fully customer-managed.
4. Identity & access
The portal uses Microsoft Entra External ID with enforced MFA. All employee production access goes through a bastion with least privilege and full session audit.
5. Incident response
24×7 on-call. Suspected incidents trigger IR in under one hour. Confirmed incidents are communicated to affected customers within 24 hours.
6. Vulnerability disclosure
We welcome reports from security researchers. Send them to security@jumborca.com (PGP fingerprint at /security/pgp.txt). We respond within 48 hours.