Security and Compliance

• All activities by Admins in Management Portal and Developers using the API are logged in Admin logs. 
• Full search functionality helps you quickly track down activities of interest, including: 
  • Log in 
  • Adding, deleting, or viewing an account 
  • Viewing or downloading a report 
  • Viewing or downloading data 

• You can also set up alerts for activities, such as password changes and deleted accounts. See Manage Alerts  

• Fine tune which organizations, data, and functions Admins can access by assigning Roles. See What Admin Roles exist in the Management Portal? 
• Require two factor authentication to log in. See Enable Two Factor Authentication for Admins.  

• Admins have complete control over user access to MultiLine app. It’s possible immediately suspend or delete a user account from Management Portal to remove access to the application. 
• Calls to a MultiLine number from a deleted account can automatically forwarded, tagged for a specific use or organization, or made generally available. 
• Call or message recording is set by admins and does not allow users to turn the feature on or off, preventing any circumventing of your recording policies. 

• You can apply any policies from your Enterprise Management solution to the MultiLine application. 
  • Apply corporate authentication and password requirement policies to MultiLine applications. 
  • Enforce using MultiLine applications when using corporate apps, including phone number links and conference codes. 
  • Restrict copy and paste, screenshots, and more from MultiLine to outside apps. 

• We ensure ongoing compliance with the General Data Protection Regulation (GDPR). 
• Users can clearly see what data is shared and have the option to opt in or out of sharing their personal data. 

• You may cancel with us at any time by contacting our Customer Success team. 
• We will work with you to offload your data and then securely remove your data from the platform. 

Yes, Movius MultiLine enables compliance with MiFID II and FCA COBS 11.8, including the requirement to produce all communications related to a trade upon the request of a regulator, including mobile calls and texts, no matter whether the phone is corporate or privately owned. It brings the compliance, retention, archiving and eDiscovery capabilities that banks require while easily capturing, recording, storing and analyzing mobile voice and text communications.

Yes. Despite firms’ resistance to monitoring text communications, the reality is the Securities and Exchange Commission (SEC) and Financial Industry Regulatory Authority (FINRA) require that electronic communications used for business purposes are archived and supervised—including text messages.

Key points from the Notice include:

• Recordkeeping: Firms are reminded of their obligation to keep records of business communications under SEC Rule 17a-4(b)(4). Also, firms must train and educate their advisors regarding the distinction between business and personal communications, and the requirements to retain, supervise, and produce business communications.
• Text messaging: Firms that communicate or allow advisors to communicate through text messaging or chat services for business purposes must retain records of those communications, in compliance with SEC and FINRA rules.

MultiLine offers built-in capturing capabilities for all MultiLine texts at an enterprise scale. This happens automatically in the cloud and never requires end-user action.

Yes, MultiLine provides HIPAA-compliant texting and calling through a separate mobile phone number, allowing secure communication between caregivers and patients.

• Capture patient consent from text messages through an automated workflow. All patient consent is captured and available as a report in the Management Portal.
• Identify PHI related keywords and information to redact or block completely from being shared in text messages.
• Secure communication of PHI between caregivers and patients, with Cloud Data Storage that is HITECH and HIPAA Certified. All communication data is TLS 256-bit AES encrypted at rest and in transit.

Yes, it complies with GDPR imperatives including privacy by design, explicit consent, data breach notification, and subject access rights.

Yes. We understand that in highly regulated industries – there are often requirements to capture client opt-in or for the client to enroll in order to text with their advisor. We offer this feature and can configure it according to your company’s needs.

Yes. Contact your Customer Success Representative to receive this document.  

The document covers access control, database control, data encryption, penetration testing, and vulnerability scanning policies. 

Yes. We provide this process to you as part of the contract as well as contact information for our security team.