Security & Compliance

Because when it comes to keeping your data safe, you should not have to compromise.

Breathe Easy. We Have The Security You Need.

We built our cloud infrastructure to meet the security standards of our customers and the industries that they serve. We’ve gone through rigorous audits to achieve PCI-DSS, SOC2, and HIPAA compliance, which means that our customers never need to worry about the security of their voice applications. By meeting these standards, we’re particularly well-equipped to serve the finance/banking and health care industries.

Using both hardware and software, Plum Voice established and maintains physical and technical safeguards that protect the confidentiality and integrity of your electronic business information.

Learn more about what it takes to become PCI-DSS or HIPAA compliant.

Payment Card Industry (PCI) Compliance

  • Plum has achieved Level 1 compliance with Payment Card Industry Data Security Standards (PCI DSS).
  • Plum’s Level 1 compliance designation is certified by an approved Qualified Security Assessor (QSA).
  • Our systems are scanned externally by an Approved Scanning Vendor (ASV) every 90 days to ensure there are no vulnerabilities.
  • Our systems are also subjected to an external network penetration scan to ensure that access is not easily allowed into the secure environment.
  • Only a specific set of authorized Plum employees have access to Plum’s secure environment.
  • Our QSA has verified that any PCI data entering Plum’s secure hosting environment was handled securely.
  • Our QSA also verified that firewalls and systems were secure and that only authorized individuals for Plum had access to the secure hosting environment.
  • Plum’s services and products operate in class A data center facilities that maintain the physical security of the systems and network equipment of its secure cloud environment. The facility requires bioscan (fingerprint) verification along with a physical badge to gain access.
  • Plum also has an Incident Response Team to respond to any emergencies or disasters should one occur.

SOC 2 Compliance

  • Plum complied with AT101 standards for the security, availability, and processing integrity principles of Trust Services Principles (TSP) section 100.
  • Plum also underwent testing by an external auditor to examine the suitability of the design and operating effectiveness of Plum’s internal policies and procedures for security, availability, and processing integrity.

HIPAA Compliance

  • There is no electronic protected health information (ePHI) stored within our secure cloud environment. All ePHI that we transmit as a result of delivering our IVR services within our secure cloud environment is treated as confidential and private.
  • Access to network equipment and systems within our secure cloud environment is provided only to authorized Plum employees within our operations team. These systems and network devices can be accessed only via two-factor authentication.
  • Plum does not share any patient or provider information with any of our vendors, clients, partners, contractors, or temporary or part-time employees.
  • Plum has a designated Information Security Officer. Our Information Security Officer has the responsibility for the development and implementation of Plum’s information security policies, procedures, and technology.
  • Plum has established secure audit logging and tracking mechanisms that document any access to the secure cloud environment.
  • Plum has established training programs focused on privacy policies to inform employees on the handling of electronic protected health information data as required by HIPAA protocols.

Notice of Privacy

Under HIPAA, Plum is not a “Covered Entity” but rather a “Business Associate”, and it does not store any Protected Health Information (PHI) within its secure environment. Because of this operating model, Plum does not retain the ability to disclose any PHI to individuals.