Jibe compliance

Security and user data privacy are central to everything Google does. The Jibe RCS service runs at global scale on Google's world class infrastructure and is underpinned by the same security policies and procedures that protect all Google products.

Jibe services are audited to comply with widely recognised industry standards.

Jibe Cloud, Jibe Hub and Google's RCS Business Messaging Platform all hold ISO 27001, SOC 2 and SOC 3 certification.

ISO 27001

The International Organization for Standardization (ISO) is an independent, non-governmental international organization with a membership of 163 national standards bodies.

The ISO/IEC 27000 family of standards helps organizations keep information assets secure. ISO/IEC 27001 is a security standard that outlines and provides the requirements for an information security management system (ISMS). It specifies a set of best practices and details a list of security controls concerning the management of information risks.

While the 27001 standard does not mandate specific information security controls, the framework and checklist of controls it lays out allows Google to ensure a comprehensive and continually improving model for security management.

The Jibe Cloud Platform, and supporting infrastructure are certified as ISO 27001 compliant.

Read more on the ISO 27000 family of standards.

Jibe's compliance certificate is available here.

SOC 2 and 3

The AICPA Assurance Services Executive Committee (ASEC) has a set of principles and criteria (trust services principles and criteria) to be used in evaluating controls relevant to the security, availability, and processing integrity of a system, and the confidentiality and privacy of the information processed by the system.

  • Security: The system is protected against unauthorized access, use, or modification
  • Availability: The system is available for operation and use as committed or agreed
  • Processing integrity: System processing is complete, valid, accurate, timely, and authorized
  • Confidentiality: Information designated as confidential is protected as committed or agreed

The SSAE 18/ISAE 3402: Statement on Standards for Attestation Engagements No. 18 (SSAE 1 8 - effective as of May 1, 2017) and the International Standard on Assurance Engagements 3402 (ISAE 3402) are used to generate a report by an objective third party attesting to a set of statements which an organization asserts about its controls. This is particularly beneficial when there are many interested parties, such as customers, who desire assurances of the trustworthiness of a given organization's controls particularly when those interested parties require a greater level of detail than would normally be publicly disclosed.

Access to the following reports for the Jibe RCS Cloud service will be considered upon request:

  • SOC 2: This report is based on the existing Trust Services principles and criteria. The purpose of a SOC 2 report is to evaluate an organization's information systems relevant to security, availability, processing integrity, and confidentiality or privacy.

    Jibe's service has a Type 2 report, which covers the operating effectiveness of those controls throughout a specified period to meet those trust services criteria.

  • SOC 3: This report, like SOC 2, is based on the existing SysTrust and WebTrust principles. The difference being the report doesn't provide detail regarding the testing performed.