Secure Collaboration Tool JANDI Obtains CSA STAR Certification
How Secure are Collaboration Tools?
Today’s work environment is free from restrictions in space and time with faster communication methods and diversified smart devices. This is why companies concerned about digital transformation and work efficiency are paying attention to work collaboration tools as a new way of working.
JANDI is a collaboration tool that enhances work efficiency by providing a personal messenger’s user-friendly and real-time communication value. JANDI offers essential features for collaboration such as topic-based chat rooms, video conferencing, permanent file storage, and external service integration. Companies that use JANDI capitalize all information. With this tool, employees separate their daily life from their work. They communicate with colleagues regarding specific work projects and tasks. As essential data such as confidential company information and personal information are stored in the cloud, security is becoming more critical in the work environment.
JANDI is a SaaS-based business collaboration tool that provides strong security while maintaining the convenience of a personal messenger. All messages and files shared on JANDI are stored and encrypted immediately on Amazon Web Services (AWS), which provides world-class security. There is no need to worry about data leaks or loss. JANDI allows admins to set powerful security features such as managing download records, restricting file downloads, using document watermarks, setting access rights for each member, and controlling access allowed IP.
Achieved Cloud Security Alliance (CSA) STAR Certification
JANDI service provider Toss Lab guarantees a strong level of security based on a comprehensive security system. In February 2022, Toss Lab achieved CSA (Cloud Security Alliance) STAR (Security Trust Assurance and Risk), one of the most objective and credible international standard certifications, to standardize JANDI’s security management capabilities and credibility.
CSA STAR is an international third-party independent assessment of the security of a cloud service hosted by the Cloud Security Alliance (CSA). CSA will thoroughly evaluate the effectiveness and maturity of security practices based on the cloud service rating criteria and guidelines before granting the STAR (Security, Trust & Assurance, Registry) certification. Only companies that have obtained ISO/IEC 27001 (International standard information protection certification) are subject to registry and audit for the CSA STAR.
The CSA STAR certification acquired by Toss Las is the latest version, CCM 4.0.2. This version reflects the latest security technology and is evaluated based on 50% or more added compliance requirements than the previous version, further enhancing reliability. Improvements have been made to provide a design that is better suited to new legal regulations and requirements derived from new cloud technologies. As of February 2022, Toss Lab is the first Korean company to receive CCM 4.0.2 certification, the latest version of CSA STAR.
Companies that have obtained CSA STAR are exempted from the evaluation of basic protection measures for cloud safety by the Financial Security Agency. The evaluation process is essential when domestic financial companies use cloud services. Toss Lab acquired the CSA STAR certification proves that the company provides safe and secure services. Toss Lab has secured competitiveness by helping financial companies adopt collaboration tools more conveniently.
What the Certification Attestation Means for a Startup
Startups want to create new services that have never existed in the world despite extreme uncertainty. The company’s growth is my growth, and some people desire to grow together with reward and joy in it.
Toss Lab is a startup working hard to provide collaboration tool services since 2015. It was the first company in Korea to offer a messenger-type enterprise collaboration tool when it first started. Security certification is obtained on a per-service basis, not on a corporate basis. It doesn’t seem easy for a startup to obtain the same level of security certification as a large corporation considering that large corporations usually provide multiple services instead of just one.
JANDI provider Toss Lab’s priority is security. That is why Toss Lab used JANDI to quickly and systematically prepare for the CSA STAR certification registry process. To begin with, Toss Lab formed the ‘Information Protection Committee.’ and used JANDI topic-based chat rooms (called Topic) to make decisions on significant issues. The committee members and managers quickly began the certification process. We have continuously discussed security issues and implemented security measures transparently as we followed the requirements. We believe it is integral to be transparent as transparency is crucial in security. As a result of the assessment, we received an evaluation that concluded, ‘Continous improvement efforts for the ISMS is a good point.’
CSA STAR is subject to audit only for companies that have obtained ISO27001 certification. While ISO27001 security certification focuses on information management systems, CSA STAR cloud security certification focuses on technical aspects. In addition to policies and guidelines such as check and action for application vulnerabilities, service business continuity plan, error and disaster response system, encryption and encryption key management method, access control, privacy policy, OS/hypervisor/network security, etc., a company must meet the security requirements in the cloud environment.
Toss Lab promoted various security activities through AWS security policies. For instance, we applied many security systems such as AWS’s WAF, GuardDuty Trust Advisor, and Well-Architected Tool. Toss Lab also passed TTA’s cloud quality performance test, regularly diagnosed security vulnerabilities, and simulated hacking. We established protection measures according to risk analysis. Toss Lab’s security level will prevent external hacking or intrusion.
Collaborate Safely with JANDI
Toss Lab obtaining the CSA (Cloud Security Alliance) STAR (Security Trust Assurance and Risk) certification in addition to the ISO27001 attestation on information security led to recognition for its service security technology. We also comply with ISMS-P, the domestic information security system regulation. Toss Lab holds monthly in-house information protection committees to make important security-related decisions.
As smooth collaboration is vital for better work, collaboration and communication are essential to security. Toss Lab is actively collaborating to strengthen JANDI’s security and plans to acquire CSAP, a public cloud certification. For Toss Lab’s domestic and global corporate customers, we will continue to put in hard work. We will provide better service, build trust through continuous security certification, and strengthen security for safe and efficient work. As Asia’s No. 1 collaboration tool provider, we will ensure JANDI’s security level stays on top. Collaborate safely anytime, anywhere with JANDI.
For more inquiries on JANDI security and data protection, don’t hesitate to get in touch with us at privacy@tosslab.com. We will be happy to answer your questions and offer more support!