Our organization recognizes the best, most up-to-date health information is without value unless it is pertinent and accessible to the people it is meant to serve.
Our risk assessment was conducted in accordance with the methodology described in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-30, Risk Management Guide for Information Technology Systems. The methodology used to conduct this risk assessment is qualitative, and no attempt was made to determine any annual loss expectancies, asset cost projections, or cost-effectiveness of security safeguard recommendations.
- Product Security
- Audit Logs
All external data access is logged with the following information: data accessor IP address, target device (if applicable), module, and operation, and all logs are retained for at least 90 days.
Broadvoice uses and supports Single Sign On through supported 3rd parties
- Data Security
- Data Encrypted At-Rest
Customer data is encrypted at-rest using AES-256, ensuring it cannot be read or understood.
- Data Encrypted In-Transit
To protect customer data in-transit, we enforce strong protocols (TLS v1.2+) and ciphers that provide authentication, message confidentiality, and integrity.
Broadvoice earned an A+ rating in data-in-transit encryption from an independent audit.
- Incident Management & Response
- Data Breach Notification
If we learn of a security breach, we will notify affected users so that they can take appropriate protective steps. Our breach notification procedures are consistent with our obligations under applicable country level, state and federal laws and regulations, as well as any industry rules or standards applicable to us.
We are committed to keeping our clients fully informed of any matters relevant to the security of their data and to providing all information necessary for them to meet their own regulatory reporting obligations.
- Incident Response Plan (IRP)
Our Security Incident and Event Management (SIEM) platform offers advanced incident prevention using proactive threat detection and in-depth real-time log analysis.
Our Network Operations Center (NOC) and Security Operations Center (SOC) analysts promptly respond to issues with our platform, systems, connectivity, and security.
- Availability & Reliability
- Infrastructure Redundancy
Critical system components are replicated across geo-redundant data centers in Los Angeles and Boston.
- Quality Assurance Testing
Quality assurance testing is a key component of our development lifecycle.
2 more topics
- Organizational Security
- Confidentiality Agreements
Broadvoice requires every employee to sign an agreement containing a Non Disclosure Agreement clause.
- Employee Security Training
Broadvoice employees undergo compliance and information security training on the latest security topics, including phishing, ransomware, and data privacy.
2 more topics
- Business Continuity
- Disaster Recovery Plan
Disaster recovery drills are completed annually.
- Data Backups
Offsite backups are maintained and verified on Amazon Web Services.
- SOC 2 Type II - Data Center
Our systems are hosted in Tier III/Tier IV data centers with fire suppression systems, air conditioning for cooling, and redundant power supplies.
Broadvoice periodically reviews colocation providers to validate their adherence to security and operational standards.
- Threat Management
- Penetration Testing
Independent penetration tests are completed annually by independent auditors.
- Vulnerability Scanning
Our best-in-class vulnerability management platform continuously tests our external and internal endpoints.
1 more topic
Sign up to view Broadvoice's Subprocessors
Sign up to see the rest of Broadvoice's posture and unlock unlimited access.
Unlimited access to the directory allows you to review and compare thousands of security postures sourced from around the web.