We recognize that your data is very sensitive. We combine enterprise-grade security features with comprehensive audits of our applications, systems, and networks to ensure customer data is protected.
DSMN8 conducts a variety of audits to ensure continuous
compliance with industry standard best practices:
• DSMN8 has a certification for compliance with ISO 27001:2021. An independent body has audited our compliance with this standard and issued our ISO 27001:2021 certificate. DSMN8’s compliance with this internationally-recognized standard and code of practice is evidence of our commitment to information security at every level of our organization, and that our security program is in accordance with industry leading best practices.
• We know that maintaining GDPR & privacy compliance is a top priority for your business. That’s why DSMN8 takes a holistic and personalized approach to compliance, maintaining GDPR compliance ourselves, and enabling your business to set its own compliance preferences, as a controller.
• DSMN8 employs data protection and privacy by design, combining enterprise-grade security features with comprehensive audits of our policies, applications, systems, and networks. DSMN8 follows strict international standards and regulations in order to keep your information safe, and is ISO 27001 certified.
Data Center and Network Security
• DSMN8 hosts all its software in Amazon Web Services (AWS) facilities in Europe. Amazon provides an extensive list of compliance and regulatory assurances and ISO 27001. See Amazon’s compliance and security documents or more detailed information.
• DSMN8 conducts third-party network vulnerability scans at least annually.
• Web application architecture and implementation follow OWASP guidelines and built in Java with the Spring Security framework.
• In addition to DSMN8’s extensive testing program, DSMN8 conducts application penetration testing by a third-party at least annually.
• Single sign-on (SSO) allows you to authenticate users without requiring them to enter login credentials for your DSMN8 instance. Login using DSMN8 can be disabled, and DSMN8 supports SSO using SAML (Okta, OneLogin, Rippling), G-Suite, Office 365, and Salesforce.
• DSMN8 login requires strong passwords.
All connections to DSMN8 are encrypted using SSL, and any attempt to connect over HTTP is redirected to HTTPS. We maintain an A+ grade for Qualys/SSL Labs.
• All customer data (including call recordings and transcripts) is encrypted at rest and in transit.
• System passwords are encrypted using AWS KMS with restricted access to specific production systems.
• Data access and authorizations are provided on a need-to-know basis, and based on the principle of least privilege. Access to the AWS production system is restricted to authorized personnel.
• Customer data is purged from DSMN8 systems subsequent to contract termination.
Security Policies and Secure Development Life Cycle (SDLC)
• DSMN8 maintains security policies that are maintained, communicated, and approved by management to ensure everyone clearly knows their security responsibilities. DSMN8 policies are audited annually as part of maintaining ISO 27001 certification.
• Code development is done through a documented SDLC process. Design of all new product functionality is reviewed by its security team. DSMN8 conducts mandatory code reviews for code changes and periodic in-depth security review of architecture and sensitive code. DSMN8 development and testing environments are separate from its production environment.
• Employee hiring process includes background screening.
• At least annually, engineers participate in secure code training covering OWASP Top 10 security flaws, common attack vectors, and DSMN8 security controls.
• Vulnerability Disclosure Process – DSMN8 considers privacy and security to be core functions of our platform. Earning and keeping the trust of our customers is our top priority, so we hold ourselves to the highest privacy and security standards. If you have discovered a security or privacy issue that you believe we should know about, we would love to hear from you. Please reach out to us at [email protected] and let us know.
• All access to DSMN8 applications is logged and audited. Logs are kept for at least one year.
• DSMN8 maintains a formal incident response plan for major and minor events.
Watch a Live Demo
Watch a short demo and see the magic for yourself!