Security and Compliance

CPNI

Consumers are understandably concerned about the security of the sensitive, personal data they provide to their service providers. The Federal Communications Commission (FCC) requires carriers like iSycol to establish and maintain systems designed to ensure that we protect our subscribers’ Customer Proprietary Network Information (CPNI).

Each year, iSycol files an annual certification documenting our compliance with these rules. 

PCI-DSS

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.

The payment processing system utilized by iSycol has passed these strict testing procedures, and is fully compliant with the Standard. This helps ensure that your payment information will not be accessed by unauthorized parties or shared with unscrupulous vendors.

SOC-2

SOC2 is a technical audit specifically designed for service providers who store customer data in the cloud. iSycol has a SOC 2 report from an independent auditor who has validated that, in their opinion, iSycol’s controls and processes are effective in minimizing risk and exposure to this data.

iSycol is audited company-wide, not just at the datacenter level. Additionally, while some service providers may only choose to be audited against one or two of the five trust service principles (security, availability, processing integrity, confidentiality and privacy), iSycol has been audited against all five.

GDPR

This European compliancy regulates the processing of personal data relating to individuals in the European Union.

iSycol can help you ensure that your company has effective data rights management strategies enforced in this geography.

HIPAA

The HIPAA confidentiality and security or “privacy” rules require entities that engage in HIPAA transactions to protect Individually Identifiable Health Information against disclosure to unauthorized parties.

When combined with your strong internal security policies and procedures, the iSycol Elevate service (using the recommended settings shown here) helps to safeguard Protected Health Information (PHI) by adhering to the required administrative, physical and technical standards outlined in the HIPAA Security Rule.

iSycol can partner with healthcare organizations to help protect your PHI. Ask your iSycol Sales Representative about a Business Associate Agreement (BAA.)

UNITE HIPAA COMPLIANCE
 HIPAA COMPLIANCEINTERMEDIA RECOMMENDS
Elevate Calling
ACTION SUGGESTED
The account can request that TLS encryption be enabled
Call Recording
ACTION SUGGESTED
We suggest administrator disable call recording notifications for greater security
Voicemail to Email
ACTION SUGGESTED
We suggest administrator disable Voicemail to Email notifications for greater security
Voicemail Transcription
ACTION SUGGESTED
We suggest administrator disable Voicemail Transcription notifications for greater security
Visual VoicemailVisual Voicemail is available in the Elevate mobile app, and is protected by 2-factor
Desktop AppVisual Voicemail is available in the Elevate Desktop app, and is protected by 2-factor
Mobile App
ACTION SUGGESTED
TLS can be enabled by the user for greater privacy
SMSSMS information is encrypted at rest and inflight when sent between iSycol and it’s partner’s network
ChatChat message information is encrypted at rest and inflight
WebFax
ACTION SUGGESTED
WebFax is not stored encrypted at rest. Webfaxes are protected by an ID and PIN. Suggest administrator disable WebFax notifications in Email for greater security
SecuriSync 
Anymeeting 
Extend IntegrationsNOT APPLICABLEIntegrations with 3rd party applications are not covered under the HIPAA BAA
SECURITY
 HIPAA COMPLIANCEINTERMEDIA RECOMMENDS
Business Assosiate AgreementA Business Assosiate Agreement(BAA) is required for HIPAA compliance
Additional HIPAA Security ControlsThe account can request that TLS encryption be enabled