JMP Trust Center

Data privacy and security backed by decades of experience – and dedicated experts

Security

JMP is committed to safeguarding the trust our customers place in us by prioritizing security in every aspect of our product development and operations.

From our robust secure Software Development Lifecycle (SDLC) to our advanced DevSecOps platform and Secure Software Development Framework (SSDF), we integrate security seamlessly into our processes. Security considerations are embedded in every stage of development, from design and coding to testing and deployment.

We adhere to industry best practices and standards to protect your data and ensure the integrity and confidentiality of our systems. Our dedicated team of security experts continuously monitors and improves our defenses against evolving threats to provide you with peace of mind.

At JMP, we are committed to staying ahead of potential threats and maintaining the highest standards of security to protect your business and data.

As a wholly owned subsidiary of SAS Institute Inc., JMP Statistical Discovery LLC adheres to SAS’ policies and procedures:

Privacy

As a wholly owned subsidiary of SAS, JMP falls under the umbrella of the SAS Privacy Statement.

Compliance

As a SAS subsidiary, JMP adheres with the commitments outlined in SAS’ Code of Ethics and Corporate Social Responsibility, as well as other policies and procedures.

JMP is committed to high ethical standards in our dealings with customers, suppliers, competitors, and colleagues. Robust regulatory compliance practices promote our businesses conduct in an honest, respectful, fair, and safe manner. Guided by SAS’ Code of Ethics, our compliance practices have earned the company our exceptional reputation as an ethical and responsible employer and business partner.

JMP adopts measures recommended by the PCI Data Security Standard (PCI DSS) for all its e-commerce. JMP validates its compliance with PCI DSS on an annual basis.
JMP uses Stripe to process its ACH transactions. Information about Stripe's processes and security procedures can be found here.

How does JMP handle data collected during Restricted Party Screenings?

Because JMP software is an export-controlled technology, we must adhere to the U.S. Export Administration Regulations (EAR), a set of rules managed by the U.S. Department of Commerce’s Bureau of Industry and Security that govern the export and re-export of software and technology. The U.S. Departments of State, Commerce, Treasury, and other federal agencies each maintain lists of organizations (e.g., companies or universities), individuals, or countries that have had their export privileges restricted or revoked and are on a sanctioned or restricted party list. JMP complies with the EAR by using a third-party service provider to conduct Restricted Party Screening (RPS) to verify whether an organization, individual, or country is listed on any of the federal agencies’ restricted party lists and has had its export privileges restricted or revoked. As a part of the RPS screening process, JMP may collect first and last names, email addresses, company names, company websites, or company email addresses. JMP handles this data in line with our Privacy Statement, EU Privacy Statement (where applicable), and Data Processing Addendum to ensure compliance with relevant regulations.

Quality

JMP has continued to refine a research-centric process since JMP’s first software release in 1989. This process is built on partnerships with customers in key industries and leading researchers in academia. JMP shares the mission, philosophy, and software development lifecycle established in SAS® Software Security Framework.

JMP’s full commitment to quality can be found here.

The white paper, The Quality Imperative: SAS’ Commitment to Quality (PDF), provides additional information about the role of quality in the creation and delivery of all SAS offerings.