CPNI

Consumers are understandably concerned about the security of the sensitive, personal data they provide to their service providers. The Federal Communications Commission (FCC) requires carriers like iSycol to establish and maintain systems designed to ensure that we protect our subscribers’ Customer Proprietary Network Information (CPNI).

Each year, iSycol files an annual certification documenting our compliance with these rules. 

PCI-DSS

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.

The payment processing system utilized by iSycol has passed these strict testing procedures, and is fully compliant with the Standard. This helps ensure that your payment information will not be accessed by unauthorized parties or shared with unscrupulous vendors.

SOC-2

SOC2 is a technical audit specifically designed for service providers who store customer data in the cloud. iSycol has a SOC 2 report from an independent auditor who has validated that, in their opinion, iSycol’s controls and processes are effective in minimizing risk and exposure to this data.

iSycol is audited company-wide, not just at the datacenter level. Additionally, while some service providers may only choose to be audited against one or two of the five trust service principles (security, availability, processing integrity, confidentiality and privacy), iSycol has been audited against all five.

GDPR

This European compliancy regulates the processing of personal data relating to individuals in the European Union.

iSycol can help you ensure that your company has effective data rights management strategies enforced in this geography.

HIPAA

The HIPAA confidentiality and security or “privacy” rules require entities that engage in HIPAA transactions to protect Individually Identifiable Health Information against disclosure to unauthorized parties.

When combined with your strong internal security policies and procedures, the iSycol Elevate service (using the recommended settings shown here) helps to safeguard Protected Health Information (PHI) by adhering to the required administrative, physical and technical standards outlined in the HIPAA Security Rule.

iSycol can partner with healthcare organizations to help protect your PHI. Ask your iSycol Sales Representative about a Business Associate Agreement (BAA.)

UNITE HIPAA COMPLIANCE
	HIPAA COMPLIANCE	INTERMEDIA RECOMMENDS
Elevate Calling	✓ ACTION SUGGESTED	The account can request that TLS encryption be enabled
Call Recording	✓ ACTION SUGGESTED	We suggest administrator disable call recording notifications for greater security
Voicemail to Email	✓ ACTION SUGGESTED	We suggest administrator disable Voicemail to Email notifications for greater security
Voicemail Transcription	✓ ACTION SUGGESTED	We suggest administrator disable Voicemail Transcription notifications for greater security
Visual Voicemail	✓	Visual Voicemail is available in the Elevate mobile app, and is protected by 2-factor
Desktop App	✓	Visual Voicemail is available in the Elevate Desktop app, and is protected by 2-factor
Mobile App	✓ ACTION SUGGESTED	TLS can be enabled by the user for greater privacy
SMS	✓	SMS information is encrypted at rest and inflight when sent between iSycol and it’s partner’s network
Chat	✓	Chat message information is encrypted at rest and inflight
WebFax	✓ ACTION SUGGESTED	WebFax is not stored encrypted at rest. Webfaxes are protected by an ID and PIN. Suggest administrator disable WebFax notifications in Email for greater security
SecuriSync	✓
Anymeeting	✓
Extend Integrations	NOT APPLICABLE	Integrations with 3rd party applications are not covered under the HIPAA BAA

SECURITY
	HIPAA COMPLIANCE	INTERMEDIA RECOMMENDS
Business Assosiate Agreement	✓	A Business Assosiate Agreement(BAA) is required for HIPAA compliance
Additional HIPAA Security Controls	✓	The account can request that TLS encryption be enabled