Avidestal
Avidestal Technologies | AvidViews

Security Policies V.1.0

The clients have trusted AvidViews (a product by Avidestal Technologies) for its audio/video conferencing platform to exchange thousands of calls and messages everyday from web and mobile apps. It has provided reliable voice, video and messaging services which facilitate deliveries, empower customer support and keep crucial applications running relentlessly.

AvidViews’s top priority is to secure the data of its clients, thus following the best practices which adhere to strict privacy regulations and corporate policies.

The purpose of this document is to provide information on AvidViews’s security stance and processes.

SECURITY ORGANIZATION & PROGRAM

With data security as a top priority, our dedicated security team manages security programs for AvidViews by following the framework based on the ISO 27001 Information Security Standard. The program covers the following attributes or control sets:

  • Information security policies and procedures
  • Asset Management
  • Access Management
  • Cryptography
  • Physical Security
  • Operations Security
  • Communications Security
  • Business Continuity Security
  • Human resource (People) Security
  • Product Security
  • Cloud and Network Infrastructure Security
  • Security Compliance
  • Supplier relationships (Third-party) security
  • Vulnerability Management
  • Incident Response (Disaster Recovery)

HUMAN RESOURCE (PEOPLE) SECURITY

All the candidates have to qualify the background verification process done by the security team to ensure that the right sets of people are onboarded to develop AvidViews products. Also, the security team consistently provides information on emerging threats and performs phishing awareness campaigns to keep them up to date on the security trends.

PRODUCT SECURITY

AvidViews Product Security Program has implemented the following practices:

STANDARDIZATION OF APPLICATION SECURITY LEVEL AND GUIDELINES:

Developed by the AvidViews Security Development team, standardized security practices ensure the development and safeguarding of products and activities which are required by the product team to perform at different stages of product development (requirements, design, implementation, and deployment).

DESIGNED TO BE SECURE:

To ensure the enhancement in product security, the AvidViews security team performs numerous activities on a continuous basis which include:

  • Reviews on internal security before products launch.
  • Regular penetration tests conducted by third-party contractors.
  • Running bug identification programs.
  • Continuous test runs on internal and external security.
  • Supervising threat models on regular basis.
BUILDING SECURITY AS GENETIC CODE:

Implementation and management of technology-specific software security training from time to time ensure that all the developers at AvidViews are up to date and confirm comprehension of the latest security trends.

CHANGE MANAGEMENT:

AvidViews uses software like Jira for its change management process to track, review and approve the changes before moving the product into a staging environment where it is deployed to production.

AUTHORIZED TESTING:

With regular penetration tests conducted by third-party and bug identification programs, AvidViews invigorate disclosure of any susceptibility.

ACCOUNT SECURITY:

To securely store credential data, AvidViews uses the best industry methods to add salt to the hashing process. To further secure credentials data, a security layer of two-factor authentication (2FA) is added for accounts and logins.

CLOUD AND NETWORK INFRASTRUCTURE SECURITY

To create a safe platform for AvidViews applications and its customers, the cloud security program includes the following activities:

ASSET MANAGEMENT AND OWNERSHIP:

All cloud assets must have a defined owner, security classification, and purpose.

INFRASTRUCTURE ACCESS MANAGEMENT:

To minimize the direct access to infrastructure, networks and data of production resources, employees are required to access either through approval, strong multi-factor authentication or via a bastion host.

DEFENSE-IN-DEPTH (OPERATIONS SECURITY):

AvidViews’s production environment is a logically isolated Virtual Private Cloud (VPC) where all the customer data and the customer-facing applications sit and production and non-production networks are segregated. To interact in the production network (environment), all networks between production hosts are accessible strictly to authorized services with the help of firewalls.

NETWORK MONITORING OF STANDARDIZED GUIDELINES:

AvidViews logs high-risk actions and changes in the production network. With the help of automation, recognition of any deviation from the standardized guidelines is raised as issues promptly after the setup configuration.

COMMUNICATION SECURITY:

To ensure the protection of information in networks and its supporting information processing facilities.

CONTINUOUS MONITORING AND VULNERABILITY MANAGEMENT

Following the “designed to be secure” principles, AvidViews’s Continuous Monitoring Program includes the following practices:

CONTINUOUS MONITORING PROGRAM:

With continuous monitoring, through the development of proactive and detective capabilities, AvidViews is poised to respond to vulnerabilities, incidents and threats and alleviate them appropriately.

SECURITY LOG RETENTION:

Access to the security logs is limited to AvidViews and is retained for 180 days.

DISTURBED DENIAL-OF-SERVICE (DDOS) PREVENTION:

AvidViews leverages industry-leading platforms to detect, mitigate, and prevent the DDoS attacks.

BUSINESS CONTINUITY SECURITY AND INCIDENT RESPONSE (DISASTER RECOVERY)

AvidViews maintains Business Continuity and Disaster Recovery Plans that are regularly reviewed and modernized. To ensure supreme resiliency, AvidViews uses a variety of tools and mechanisms which includes the following:

GLOBAL RESILIENCY:

As AWS spans multiple geographic regions and availability zones, it allows AvidViews to remain resilient (globally) in the event of failure modes which include natural disasters or system failures or malfunctions.

ENCRYPTION OF DATA BACKUPS:

AvidViews uses secure cloud storage to conduct regular backups of its clients’ account information, call recordings and other critical data. All backup files are secured using strong encryption and are stored redundantly across multiple availability zones.

SUPPLIER RELATIONSHIPS (THIRD-PARTY SECURITY)

In today’s interconnected business environment, maintaining visibility into the software supply chain is of utmost importance, for which AvidViews has implemented the following programs:

VETTING PROCESS:

For using third-parties, AvidViews validates prospective third-parties through security assessments at the time of onboarding.

ONGOING MONITORING:

Once the supplier relationship has been established, AvidViews audits security and business continuity concerns periodically at existing third-parties. The program consists of the following:

  • Type of access and classification of data being accessed (if any).
  • Security controls necessary to protect the data.
  • Legal/regulatory requirements.
OFFBOARDING:

AvidViews ensures that the data is returned and/or deleted at the end of a vendor relationship.

PHYSICAL SECURITY

As AvidViews is committed to secure its facilities, physical security is an important part of the security strategy which includes the following:

DATA CENTER SECURITY:

For all production systems and customer data, AvidViews leverages AWS data centres which allows best practices and complies with an impressive array of standards.

For more information on AWS Data Center Physical Security, see the AWS Security Whitepaper: Click here

OFFICE LOCATION SECURITY:

AvidViews has a security program that manages the visitors, building entrances, CCTVs, and overall office security. All employees, contractors and visitors are required to wear the identification badges which distinguish their respective roles.

SECURITY COMPLIANCE

With the commitment to alleviate risk and maintain regulatory and security compliance requirements, AvidViews includes the following:

REGULATORY ENVIRONMENT:

AvidViews complies with applicable legal, industry, and regulatory requirements as well as the best industry practices.

TOP TIER INFRASTRUCTURE PROVIDER:

AvidViews’s audio/video conferencing platform uses Amazon Web Services (AWS) data centers for its high scalability, security and reliability. AWS complies with leading security policies and frameworks, including SSAE 16, SOC framework, ISO 27001 and PCI DSS.

ISO 27000 SERIES:

AvidViews has acquired the ISO/IEC 27001:2013 certificate, providing the best practices on information security policies and procedures.

SUMMARY

AvidViews, as an audio/video conferencing platform, enables businesses to deliver superior customer experiences by using our platform with features like a backroom user, translator and halt discussions, along with advanced features like eye tracking, facial coding etc.

To give customers the confidence to move communications to the cloud, we follow security measurements to ensure the protection of the physical, network and application components of the platform, which are coupled with security practices and compliance.

Lastly, if you have more questions or need more detailed answers, feel free to get in touch with our team via the contact form at Avidestal.