SECURITY
Security to protect your conversations and your business
Comprehensive security for peace of mind.
We understand that the confidentiality, integrity, and availability of our services are the highest order of priority for our customers, and for us as a company
Spoke Phone security commitments
We take a comprehensive, multi-layered approach to security, ensuring that every element of your data is secure, and that our service in the cloud is as good or better than industry standards including SOC2, HIPAA and GDPR.
Cloud infrastructure security
All of our services are hosted with Amazon Web Services (AWS). They employ a robust security program with multiple certifications.
Encryption
All databases are encrypted at rest. Our applications encrypt in transit with TLS/SSL only.
Vulnerability scanning, logging and monitoring
We perform vulnerability scanning and actively monitor for threats. We actively monitor and log various cloud services.
Business continuity and disaster recovery
We use our data hosting provider’s backup services to reduce any risk of data loss in the event of a hardware failure. We utilize monitoring services to alert the team in the event of any failures affecting users.
Incident response
We have a process for handling information security events which includes escalation procedures, rapid mitigation and communication.
Organizational security
Information Security Program
We have an Information Security Program in place that is communicated throughout the organization. Our Information Security Program follows the criteria set forth by the SOC 2 Framework. SOC 2 is a widely known information security auditing procedure created by the American Institute of Certified Public Accountants.Â
Third-Party Penetration Testing & Auditing
Our organization undergoes independent third-party assessments to test our security and compliance controls.
We perform an independent third-party penetration testing at least annually to ensure that the security posture of our services is uncompromised.
Roles and Responsibilities
Roles and responsibilities related to our Information Security Program and the protection of our customer’s data are well defined and documented. Our team members are required to review and accept all of the security policies.
Trusted Employees
Our team members are background checked in accordance with local laws and required to go through industry standard employee security awareness training.
All team members are required to sign and adhere to an industry standard confidentiality agreement prior to their first day of work.
Industry standards
Spoke Phone is committed to industry standards to keep your data secure, private and safe. Our HIPAA and SOC2 audits are currently in progress.
Spoke is built on Twilio and is HIPAA compliant for your peace of mind
Secure, informed and actioned with HIPAA: for todays communication environment
Securely push contextual information into calls and conversations, across your entire team; in clinic, on the road and in-home.Â
Ensure your phone systems, mobile calls and messaging are all HIPAA compliant.
We know your top priority is making sure patient data is always private and secure. That’s why Spoke is built on Twilio and HIPPA compliant for your peace of mind.
Access security
Permissions and authentication
Access to cloud infrastructure and other sensitive tools are limited to authorized employees who require it for their role.Â
Least privilege access control
We follow the principle of least privilege with respect to identity and access management.
Quarterly access reviews
We perform quarterly access reviews of all team members with access to sensitive systems.
Password requirements
All team members are required to adhere to a minimum set of password requirements and complexity for access.Â
Hosted on Amazon Web Services
Our websites, web/mobile applications back-ends, and all other back-end services including data storage run on AWS. The AWS platform is designed and built to run on a shared security responsibility model. This means that AWS is responsible for securing the underlying infrastructure that supports our platform, including facilities, network, hardware, and operational software.
The infrastructure that Amazon provides is designed and managed in alignment with security best practices and a variety of IT security standards, including SOC 1,2 and 3, PCI DSS level 1, and ISO 27001.
Your data protection is our highest priority
End-to-End 256-Bit AES military grade encryption, as used by all major banks.
Protect your data with local storage
Robust APIs and pre-built integrations let you control where your data is stored and who has access.
Private tokens, redacted PII, encrypted recordings
Enhance our industry standard 256-Bit AES with private encryption tokens on recordings, and redacted phone numbers and text from Spoke servers.Â
Contact us
If you have any questions or wish to report a potential security concern please contact: security@spokephone.com
