BOOK A DEMO
Book A Demo

Security and data protection at JAVLN

JAVLN protects broker and client data with SOC 2 Type 2 certification across both products, encryption in transit and at rest, multi-factor authentication, role-based access and round-the-clock monitoring. Your data is hosted in accredited Australian and New Zealand data centres. This page explains how we keep it safe and how we help you meet your own obligations.

Is JAVLN secure? The short answer

Yes. JAVLN Platform and JAVLN Officetech are both SOC 2 Type 2 certified, the standard that tests a vendor’s security controls over time rather than on a single day. Data is encrypted, access is limited by role and monitored around the clock, and everything is hosted in Australian and New Zealand data centres.

In an industry built on trust, security is the foundation everything else stands on. Brokers, agencies and underwriters hold some of their clients’ most sensitive information, so protecting it is a shared responsibility between you and the technology you rely on. The detail below covers our certifications, where your data lives and how to run due diligence on any provider.

How JAVLN protects broker and client data

  • SOC 2 Type 2 certified. Independently audited security controls across JAVLN Platform and JAVLN Officetech.
  • ISO 27001-certified data centres. Your data is hosted to a recognised international standard.
  • Encryption in transit and at rest. Documents and records are protected from unauthorised access at every stage.
  • Multi-factor authentication. An extra check at login, one of the most effective ways to keep accounts safe.
  • Role-based access. People see only the records their role requires, with access reviewed and logged.
  • Immutable audit trails. Every file note is timestamped at creation and cannot be altered, so the evidence trail holds up.
  • Automated backup and disaster recovery. Data is backed up automatically and restores are tested, so you recover quickly.
  • Continuous monitoring. Round-the-clock monitoring through our infrastructure partners, with a documented incident response plan.

What is SOC 2 Type 2?

SOC 2 (System and Organisation Controls) is an independent audit of how a technology company protects data. The Type 2 part is the important bit. A Type 1 report confirms controls exist on a single date, the equivalent of checking the fire extinguishers are on the wall.

A Type 2 report tests whether those controls work consistently over six to twelve months, the equivalent of running fire drills all year. Type 2 is the stronger assurance, and both JAVLN Platform and JAVLN Officetech hold it.

The audit covers the criteria that matter most to brokers:

  • Security. Protection against unauthorised access, through MFA, encryption and network controls.
  • Availability. Systems are up when you need them, including through renewal season.
  • Confidentiality. Sensitive client and policy information stays private and access-controlled.

Where is JAVLN data stored?

JAVLN data is hosted in accredited Australian and New Zealand data centres and built on enterprise cloud infrastructure. That gives you a level of physical and digital security, monitoring and resilience that an individual brokerage would find hard to replicate on its own hardware.

Is the cloud more secure than an office server?

It feels safer to keep data on a server you can see. In practice an office server is patched on your team’s schedule, watched during business hours and only as protected as the room it lives in. Certified cloud infrastructure brings continuous monitoring, automatic patching and dedicated security expertise at a scale most firms could not fund alone. For the full comparison, read our guide to cloud and on-premise insurance software.

The Essential Eight: your side of the partnership

Strong security is a partnership. SOC 2 Type 2 covers your software vendor. The Essential Eight covers your brokerage.

It is a set of eight practical controls from the Australian Cyber Security Centre: keep software patched, control who has access, add MFA, harden settings and keep tested backups.

JAVLN supports your alignment with MFA, role-based access, encrypted storage, automatic patching and daily backups, so good security habits fit the way you already work.

How to vet a software vendor’s security

Whether you hold an AFSL or operate under one, regulators expect due diligence when you choose technology partners. A simple question gets you most of the way: “Are you SOC 2 Type 2 certified, and can I see the report?” A reputable vendor shares it under NDA. From there, ask about encryption, MFA, data location and incident response. We are happy to walk procurement and security teams through ours.

How to talk to clients about data security

Security is also a conversation you have with clients, and it is easier in plain language. The essentials, in five points you can use:

  • Multi-factor authentication across our systems
  • Automatic software updates and patching
  • Access limited by role and monitored
  • Secure, tested backups
  • Independently certified infrastructure partners

Security you can show

Security that protects your clients and stands up to your regulator. Book a demo, or ask our team for the SOC 2 Type 2 report.

BOOK A DEMO

Frequently asked questions

SOC 2 Type 2 is an independent audit that tests whether a vendor’s security controls work consistently over six to twelve months, not just on paper. For brokers, it is one of the strongest signals that a technology partner takes data security seriously.

Yes. Both JAVLN Platform and JAVLN Officetech hold SOC 2 Type 2 certification, so the same standards apply whether you are managing policy data or storing documents.

Yes. We share our report with serious prospects and customers under a non-disclosure agreement. If a vendor refuses to share theirs, treat that as a flag.

In accredited Australian and New Zealand data centres, certified to ISO 27001, with access controlled by role and protected by MFA.

It is not legally mandated, but it helps brokers meet obligations under the Australian Privacy Principles and the New Zealand Privacy Act by confirming that vendors maintain appropriate security. It also demonstrates due diligence.

The Essential Eight is the set of controls you implement inside your brokerage. SOC 2 is independent verification that your software partner maintains strong security. Together they give end-to-end assurance.

JAVLN maintains monitoring and a documented incident response plan covering detection, notification and remediation, with clear protocols for communicating with customers.

Cyber risk now sits inside your regulatory obligations. A data breach can trigger duties under the Privacy Act in Australia and New Zealand, including notifiable breach reporting, and both ASIC and APRA expect sound information security from the firms they oversee. Strong controls and complete, retrievable records are how you meet those duties and prove it. JAVLN provides the SOC 2 Type 2 foundation and audit-ready evidence, while cyber insurance remains the broker’s tool for transferring the financial risk that controls cannot remove.
Javln Intelligent Insurance Solutions
Products
Policy management Document management
Support
Help and Support Security Glossary
Contact us
hello@javln.com
Sign up to our JAVLN Bytes newsletter
Privacy Policy Cookie Policy Service terms Sustainable website by Wild Tree Digital