Vox Mobile is committed to maintaining the most secure environment possible to protect client-owned and internal data. Our company works hard to ensure that client and end user data is stored securely and accessed only when needed to provide service to our customers. This Security Statement is written to explain how we protect our customers as well as inform how they play a role in their own security.
The statements, processes, and methods on this page have no expiration date but is reviewed and updated annually.
Employee Background Checks: Background checks are conducted on all employees.
Security Training: Employees receive training about security awareness and the use of general office technology.
Service Training: Personnel providing service to any of Vox Mobile’s clients receive training specific to that client’s technology and business process needs.
Information Security Policies: Internal security policies are reviewed and updated on a regular basis.
Building Security: Perimeter security controls such as alarms, cameras, door access controls, and other features help provide a secure environment. Access to key areas is restricted to employees who have a need to perform their specific job function.
Datacenters: Our systems infrastructure is collocated in third party datacenters who are SOC 2 and/or SSAE16 audited. Equipment is monitored 24/7 and secured by security guards, visitor logs, biometric recognition, and stored in locked cages. All datacenters are designed in line with TIA-942 standards with properly spaced layouts, tiered reliability with redundant power supplies, and environmental controls. End user data is stored in the United States and Canada.
Vendor Review: Vox Mobile reviews SOC reports on an annual basis from partners and third party service providers involved with providing services to clients or internal users.
Vox Choice: Data is backed up daily to a secure datacenter location.
Access Control: Employees accessing company resources remotely use a secure, encrypted connection at all times. Access to systems is provided based on the principle of least privilege using role based access controls which limit the capabilities of individual users.
Maintenance and Patches: System patches and upgrades are regularly scheduled and implemented during maintenance windows to avoid affecting normal business operations and mitigate any vulnerability.
Client System Security: Clients should ensure that their own internal security group ensures that data is stored and accessed in a secure manner to prevent data theft within the standards and conventions specific to their industry. Clients should also educate their end users about using technology in a safe and responsible manner.
Transfer of Data: Clients transferring sensitive data to Vox Mobile should do so through secure means such as SFTP.
Data Accuracy: Clients supplying data to Vox Mobile are responsible for the accuracy of information used by Vox to provide service. This includes human resources data uploads, device records, server data, and any related carrier billing data.
Role Based Access Controls: Clients utilizing Vox Choice and associated Vox services are responsible for taking steps to ensure that users are assigned to the correct security roles and permissions.
Client Active Directory Accounts: Clients providing Vox Mobile personnel with access to any environment are responsible for ensuring that each account is a named account for each person accessing the environment and password complexity and expiration policies are configured.
User Population Management: Clients utilizing Vox software or services are responsible for informing Vox Mobile of any changes in personnel responsibilities and changes in employment status. Clients are also responsible for the deactivation of Vox Mobile’s user accounts when notified of these same types of changes.
Keeping our clients’ data secure is very important to us and we encourage the responsible reporting of security issues and software vulnerabilities in any of our products or services.
To report security issues, you can send an e-mail to firstname.lastname@example.org.
Please provide a complete description of the issue, resources, tools, and methods used to reproduce the issue so that our team can analyze, validate, and implement any needed repairs.
Reported issues will receive a timely response indicating that we have received your request and provide information for additional next steps, if any should exist.
Vox Mobile understands that security researchers are part of having a secure Internet. However, we cannot condone methods that use any of the following techniques on our products or services:
Service interruption attacks such as denial of service (DoS)
Attacks which attempt to remotely or locally access any data not owned by your organization
Modifying, corrupting, or deleting any data not owned by your organization
Willfully misusing any of our products or services to create intentional harm or injury to a third party
In such cases, Vox Mobile will retain all of its legal right