Data Security, HIPAA, PCI & GDPR
Security at IVR Lab is the highest priority. IVR Lab utilizes Amazon Web Services (AWS) infrastructure as a primary resource for processing and storing customer data, if any. The AWS infrastructure puts strong safeguards in place to help protect customer privacy. All data is stored in highly secure data centers in various regions around the world. From a strict compliance perspective, AWS manages dozens of compliance programs in its infrastructure. This means that segments of compliance have already been completed.
As an IVR Lab customer, you will benefit from a data center and network architecture built to meet the requirements of the most security-sensitive organizations. Other security measures include, but are not limited to:
- Network firewalls and web application firewall capabilities let us create private networks, and control access to customer data.
- Encryption in transit with TLS across all services
We commit to the highest legal and ethical principles in the conduct of all aspects of our business. The company and each individual who is a part of it will adhere to the highest standards of moral and ethical business conduct and will keep promises, treat each other and any others with whom they come into contact with honesty, civility, and respect. We want to be worthy of the highest trust of those with whom we interact.
Information is an important business asset of significant value to the IVR Lab and its sister companies, and thus needs to be protected from threats that could potentially disrupt business continuity. Our information security policy is available upon request to customers who have executed a Non Disclosure Agreement and has been written to provide a mechanism to establish procedures to protect against security threats and minimize the impact of security incidents.
Information on industry and region specific rules, regulations and compliance can be found on their respective pages:
HIPAA
The Health Insurance Portability and Accountability Act created in 1996 contains provisions to protect the security and privacy of Protected Health Information (PHI)
PCI DSS
Payment Card Industry Data Security Standard was originally released in 2004 and has had several updates since then and contains provisions for security credoit card data
GDPR
General Data Protection Regulation was adapted by the EU in 2016 and is the biggest change in data protection laws in Europe since 1995 Data Protection Directive