Compliance at VoiceSage

We adhere to widely accepted standards and regulations.

ISO/IEC 27001

ISO/IEC 27001 – Information Security Management System

ISO/IEC 27001 is recognized as the premier information security management system (ISMS) standard worldwide. It also leverages the comprehensive security controls detailed in ISO/IEC 27002. The basis of this certification is the development and implementation of a rigorous security management program, including an Information Security Management System (ISMS). This widely recognized and widely respected international security standard specifies that companies that attain certification also:

  • Systematically evaluate their information security risks, taking into account the impact of security threats and vulnerabilities
  • Design and implement a comprehensive suite of information security controls to address security risks
  • Implement an overarching audit and compliance management process to ensure that the controls meet their needs on an ongoing basis

All VoiceSage products and locations are in scope for ISO/IEC 27001, including VoiceSage Ireland, UK, and cloud-based services, as well as the microservices which deliver our products.

ISO/IEC 27018

ISO/IEC 27018 – Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors

ISO/IEC 27018 focuses on the protection of Personally Identifiable Information in the cloud, which is one of the key drivers of the General Data Protection Regulation (GDPR). This emphasizes the VoiceSage mission to continually secure and improve its customer experiences by taking the steps needed to ensure that all personal data we handle and manage is safeguarded to the highest standard, so that our customers can remain confident in VoiceSage’s cloud services.

All VoiceSage products and locations are in scope for ISO/IEC 27018, including VoiceSage Ireland, UK, and cloud-based services, as well as the microservices which deliver our products.

ISO/IEC 27701

ISO/IEC 27701 – Code of practice for the international standard for privacy information management

ISO 27001 sets out the requirements for an ISMS (information security management system), a risk-based approach that encompasses people, processes and technology. Independently accredited certification to ISO 27001 provides stakeholders with assurance that data is being appropriately secured. As VoiceSage has already implemented ISO 27001, it will be able to use ISO 27701 to extend its security efforts to cover privacy management – including its processing of personal data/PII (personally identifiable information) – which can help it demonstrate that reasonable measures have been taken to comply with data protection laws such as the GDPR.

PCI DSS Level 1

Payment Card Industry Data Security Standard

When you need a customer to pay by credit card using VoiceSage products or services, you can rest assured that we handle the security of that transaction with appropriate attention. We are Level 1 certified, and we engage a Qualified Security Assessor (QSA) to assess our compliance with PCI DSS. We are currently compliant with PCI DSS v3.2, SAQ A.

Cyber Essentials Plus

Cyber Essentials is a UK government backed, industry supported scheme to help organisations protect themselves against common cyber attacks. VoiceSage holds both Cyber Essentials and Cyber Essentials Plus certifications, certificate no: IASME-CEP-006346.


Our Service Providers

We hold our service providers to very high standards. Data centres, co-location, and managed service providers undergo regular ISO/IEC 27001 audits to verify their practices.

We review the results of these audits annually at a minimum as part of our vendor management program. In the event these audits have material findings which we determine present risks to us or our customers, we work with the service provider to understand any potential impact to customer data and track their remediation efforts until the issue has been resolved.


Validating our Practices

Independent third-party audits

We use independent third parties to audit our practices against the most sought-after standards and regulations in the world. These reviews occur at least annually and are conducted by globally respected audit and security firms that are independent and thorough in their evaluations. We take their reports seriously and have processes in place to address any issues that present risks to us or our customers.

External and internal application security testing

Our security team performs automated and manual application security testing and network vulnerability testing on an ongoing basis to identify and patch potential security vulnerabilities and bugs on our server, web, and mobile applications. We also work with third-party security specialists, as well as other industry security research community members.

Continuous Improvement

A critical part of any information security management program is the continual improvement of security and compliance programs, systems, and controls. VoiceSage is committed to soliciting feedback from different internal teams, customers, internal and external auditors, and improving our security, privacy and compliance processes and controls over time.