Security
Introduction
As a provider of Software-as-a-Service (SaaS) solutions, ensuring the security, confidentiality, integrity and availability of data is of paramount importance to Voxiva. Voxiva's core security policy is guided by the ISO/IEC 27000 (http://www.iso.org/iso/home.htm) series of information security standards. We implement a broad range of physical, technological and procedural safeguards to ensure the highest levels of data security.
PHYSICAL
- Voxiva's servers are stored in redundant SAS 70 Type II compliant data centers, ensuring state-of-the-art cooling, fire protection, power management and perimeter security.
- Each data center has redundant 10 Gigabit-per-second (OC192) data connections.
- Physical access is restricted to a limited group of authorized personnel.
- Access and data communication are encrypted using Secure Socket Layer (SSL) technology.
- Voxiva network infrastructure is protected by industry-leading network security tools.
- Voxiva solutions, servers and associated network components are automatically monitored using industry-leading network monitoring software.
- Voxiva operates redundant 7*24 Network Operations Centers, ensuring that if the primary center loses connectivity, the secondary center can still manage the network.
- Data is backed up electronically to a redundant (alternative site) data center.
- Voxiva systems are reviewed and assessed in relation to required restoration levels. In the event of a catastrophic data center failure, all solutions can be re-provisioned in a redundant data center within an agreed customer SLA timeframe.
- Voxiva reviews all systems and processes with a view to eliminating any single point of failure, which is why Voxiva operates a minimum of two data centers, two Network Operations Centers and a redundant escalation process to ensure the necessary management structure is always available.
TECHNICAL
- All Voxiva solutions support a role-based architecture that ensures users only see data pertinent to their assigned role permissions.
- Strict login controls and standards are applied to prevent unauthorized access.
- Authorized access requires use of a unique ID and password. The password is encrypted at rest and is therefore not visible to any role within the system.
- Forced password change at first log on is required if a password is created or reset for a user by an administrator.
- Password strength and password change intervals are configurable and will be agreed with the customer.
- System logs record all user access and actions.
- All information and history is retained in accordance with local regulatory requirements.
- Voxiva provides multi-channel data solutions where information is transported via web, email, smart phone application, Interactive Voice Response (IVR) and Short Message Service (SMS). The security standards associated with each channel are described below:
Web
Web access to Voxiva's solutions provides maximum data protection because access can be tightly managed by incorporating strict login procedures and all communication can be encrypted via the use of 128-bit Secure Socket Layer (SSL) technology.
Email
Email is an appropriate format for delivery of alerts and educational content, but it is not an encrypted format by default. However, if required, support for encrypted email is available on request.
Smart phone Application
Voxiva's smart phone applications allow for encrypted data storage on the handset, and data is also encrypted in transmission between the handset and the central Voxiva servers.
Interactive Voice Response (IVR)
IVR uses the telecommunications network to transmit DTMF (touch tones) and voice recordings between the Voxiva systems and the telephone handset. Typically, voice communication networks are not encrypted; however, they do operate to high security standards.
Short Message Service (SMS)
While not encrypted, SMS is an appropriate format for delivery of alerts and educational content. SMS can also be used for data collection from an end-user.
PROCEDURAL
- Voxiva actively maintains a company-wide Information Security Policy and detailed security procedures.
- All Voxiva employees are trained on Voxiva's policies and procedures, for which both awareness and compliance are a condition of employment.
- All employees undergo appropriate background checks, including past employment verification, personal references and history of criminal convictions if appropriate.
- Voxiva's Information Security framework is built around ISO/IEC 27002, in accordance with which Voxiva undertakes an annual security audit conducted by an independent, industry-certified security professional.