We built our cloud infrastructure to meet the security standards of our customers and the industries that they serve. We’ve gone through rigorous audits to achieve PCI-DSS, SOC2, and HIPAA compliance. We’re also a Visa Verified vendor. That means that our customers never need to worry about the security of data that moves through their applications on Plum’s platform. By meeting these standards, we’re particularly well-equipped to serve the finance/banking and health care industries.
Using both hardware and software, Plum Voice established and maintains physical and technical safeguards that protect the confidentiality and integrity of your electronic business information.
Under HIPAA, Plum is not a “Covered Entity” but rather a “Business Associate”, and it does not store any Protected Health Information (PHI) within its secure environment. Because of this operating model, Plum does not retain the ability to disclose any PHI to individuals.
The Visa Global List of Service Providers is a mechanism for service providers to showcase their compliance efforts with various security standards.
Being listed on Visa’s Global Registry of Service Providers is a quick way to assure merchants that Plum Voice is compliant with the most current version of the Payment Card Industry Data Security Standards and with the Visa Inc. security standards.
To view a list of all Visa-compliant service providers, click here.
Cyber Essentials is a UK-government-backed scheme that assesses a company’s cyber-security preparedness. It was created to give companies a way to demonstrate that they are taking the necessary steps to mitigate and control common risks to cyber-security.
To achieve certification, Plum Voice was assessed on the following five controls:
The European Union implemented the General Data Protection Regulations (“GDPR”) on May 25, 2018, to better protect the personal data of EU data subjects. Although the GDPR is a set of European Union-mandated regulations, its scope covers both companies that are physically present in the EU and all companies outside of the EU that handle the personal data of EU data subjects.
The GDPR requires that service providers who transmit the personal data of EU citizens must guarantee the existence of technical and organizational safeguards, outlined in the regulations, to ensure the lawful transfer of data.
To ensure that Plum Voice appropriately responds to the implementation of these regulations, Plum Voice has updated its policies and procedures to be in line with the GDPR, and now offers its customers a Data Processing Addendum (“DPA”) that outlines Plum Voice’s security responsibilities regarding safe data transfer. This DPA also includes contractual language (“Standard Contractual Clauses”) approved by the European Commission, which provides further assurances of the proper transfer of personal data that belong to EU data subjects.
How to Enforce the DPA
To enforce this DPA, both parties must sign an unmodified version of this DPA.
To request a version of this DPA signed on Plum Voice’s behalf, or to submit a copy of this DPA signed on the Customer’s behalf, please email: Compliance@plumgroup.com.