Playvox delivers and supports its services through cloud service provider, Amazon Web Services, that use widely accepted practices and infrastructure to secure customer data. Network services include a combination of dedicated servers and distributed resources.
A set of approved security policies aligned with our business processes and the shared responsibility model are in place to provide the security baseline for employees and contractors.
Application and infrastructure changes are identified, tracked, documented, authorized, developed, tested and approved before they are implemented in production. CI/CD pipelines are used to guarantee the process is repeatable, auditable and secure. Updates to software, applications and program libraries are performed by designated and trained personnel on immutable hardened and security audited images. Once they are tested and approved new instances are provisioned with the updated images.
Playvox has a security incident response process in place to handle problems impacting our service and the prompt notification of impacted customers.
Playvox provides information security and data protection training to employees such as officers, engineers and support personnel. We also hold two annual security talks to all staff with the goal of making employees aware and engage in information security and best practices. Employees at all levels are aware of their roles and responsibilities to efficiently support the Information Security Program. Developers and engineers receive continuous training in Secure Code Development based on best industry-practice guidelines and OWASP guides for Secure Web Development. We also use a communication channel with the main purpose of sharing tips related to information security to our employees.