Is Jitsi Meet service ISO 27001-compliant?

I work at a university and am looking for a video conferencing solution that meets their data security standards. They whitelist only systems that meet ISO 27001 requirements.

Do the Jitsi Meet servers meet these requirements? Where can I find security-related information about the data center(s) hosting the Jitsi Meet services?

Thanks,

Are you asking about meet.jit.si?
I’m not aware of such a compliance. What we have for meet.jit.si is running it in AWS, not sure whether they are compliant in any way and the jitsi code is public and uses webrtc API from the browsers, which specifications are also public.

1 Like

ISO 27001 is something an organization should comply to, not software as is. Whether it complies to ISO 27001 depends on where you host it (access control, authentication, logging, audit trailing, encrypted, firewall, intrusion detection, etc), how you make sure quality is in place (testing before bringing to production in a way that follows standardized process, is documented and traceable, disaster recovery), and all these processes are described and followed in the ISMS… So this is mostly up to the organization that hosts is and services you as an organization. Hope this helps!

1 Like

Thanks for the clarifications. I was indeed referring to the meet.jit.si service - I guess that if it is hosted on AWS it is not ISO 27001 compliant. I will communicate this to our university and suggest they run their own Jitsi instance (not sure if they will as they are already swamped by IT support requests right now).

So you can check 8x8 there are people more competent than me on the subject and can help you.
8x8 version of jitsi-meet is most of the time identical to meet.jit.si. So you can talk with competent people from sales and see what you need and maybe start using that offering.