We have completed our investigation into our 3rd party and external services.
To reiterate: Our core services as listed on our status page (API, UI/View, Portal, Auth, ID Proof, Webforms) are not impacted, and do not use Java, Log4j or are on a new version which is not impacted by the vulnerability.
Our 3rd party services are not impacted, and confirmed that they either:
We are actively monitoring the situation and will update our status page if news comes in.