Third-party risk management
As part of JFrog’s risk management, we regularly perform risk assessments, which include identifying and analyzing potential risks that might affect confidentiality, integrity and availability of systems and data, while considering their possible likelihood and impact.
Third party vendors
JFrog engages with a variety of third-party vendors, including suppliers, service providers, partners, and contractors. We take third party security very seriously, thus we maintain a supply chain risk management program with requirements that our third-party suppliers must meet regarding their security and privacy practices and procedures.
Third-party vendors are vetted prior to their on-boarding process by different teams, including security, compliance, IT and legal. The process takes into account the classification of data the supplier will have access to (if any), the type of access, the controls necessary to protect the data, and any regulatory requirements.