Security and Compliance
Movius follows the highest industry standards to ensure that you can trust us with your most critical data.
- We understand the importance of information security, including cybersecurity, to protect against external threats and malicious insiders.
- Our cybersecurity strategy prioritizes detection, analysis and response to threat intelligence, cyber risks, and malicious activity.
- We continuously strive to meet or exceed the industry’s information security best practices and apply controls to protect our clients and the infrastructure of the company.
- Our information security management program is built to comply with the ISO 27001 framework.
- The security controls for the Movius platform annually undergo SOC 2 Type 2 examination against AICPA defined standards.
- All data is encrypted in transit and at rest.
- Your data is protected using FIPS 140-2 Level 3 compliant HSMs and customer owned encryption keys.
- Storage is compliant with:
- Federal Information Processing Standard (FIPS) Publication 140-2
- Federal Information Security Management Act (FISMA)
- Health Insurance Portability and Accountability Act (HIPAA)
- Payment Card Industry (PCI)
- Basel II
- California Security Breach Information Act (SB 1386)
- EU Data Protection Directive 95/46/EC
- SAST and DAST are performed for every maintenance and general release.
- Manual Penetration testing is performed annually.
- Bi-weekly vulnerability scan is performed by in-house security experts.
- Movius performs daily backups of production data that is only used to minimize data loss in the event of a disaster.
- Production data is immediately written to an independent 2nd database which is either at the same location for single site installations or at a second data center in geo-redundant configurations.
- We complete re-certification and surveillance audits annually.
Manage Users and Admins
- All activities by Admins in Management Portal and Developers using the API are logged in Admin logs.
- Full search functionality helps you quickly track down activities of interest, including:
- Log in
- Adding, deleting, or viewing an account
- Viewing or downloading a report
- Viewing or downloading data
- You can also set up alerts for activities, such as password changes and deleted accounts. See Manage Alerts
- Fine tune which organizations, data, and functions Admins can access by assigning Roles. See What Admin Roles exist in the Management Portal?
- Require two factor authentication to log in. See Enable Two Factor Authentication for Admins.
- Admins have complete control over user access to MultiLine app. It’s possible immediately suspend or delete a user account from Management Portal to remove access to the application.
- Calls to a MultiLine number from a deleted account can automatically forwarded, tagged for a specific use or organization, or made generally available.
- Call or message recording is set by admins and does not allow users to turn the feature on or off, preventing any circumventing of your recording policies.
- You can apply any policies from your Enterprise Management solution to the MultiLine application.
- Apply corporate authentication and password requirement policies to MultiLine applications.
- Enforce using MultiLine applications when using corporate apps, including phone number links and conference codes.
- Restrict copy and paste, screenshots, and more from MultiLine to outside apps.
- We ensure ongoing compliance with the General Data Protection Regulation (GDPR).
- Users can clearly see what data is shared and have the option to opt in or out of sharing their personal data.
- You may cancel with us at any time by contacting our Customer Success team.
- We will work with you to offload your data and then securely remove your data from the platform.
Yes. Contact your Customer Success Representative to receive this document.
The document covers access control, database control, data encryption, penetration testing, and vulnerability scanning policies.
Yes. We provide this process to you as part of the contract as well as contact information for our security team.