At SignalWire, your security is our top priority. We understand that safeguarding sensitive data is a requirement for businesses across all industries. That's why our innovative Programmable Unified Communications platform for voice, messaging, video, and AI is built with stringent security standards in mind, so that you can build the most secure communications solutions for your customers.

Businesses across industries, from healthcare to finance, rely on trusted platforms to keep sensitive data safe. Our robust security systems and commitment to compliance allow you to innovate with the newest technologies without compromising security.

We believe that our security is your security. Our mission is to provide the tools to build cutting-edge communications while maintaining the highest security standards for every customer. We take a proactive approach to compliance, ensuring that our systems adhere to some of the toughest standards in the industry.

In this post, we’ll explore three key compliance frameworks that SignalWire meets and explain how they contribute to a secure and trustworthy environment for your communications.

SOC 2 Type 2

Full name: System and Organization Controls 2 Type 2

Regulatory authority: The American Institute of Certified Public Accountants (AICPA)

SOC 2 Type 2 is an independent attestation of data security controls across a company’s technical system and day-to-day operations. A third-party auditor conducts an extensive audit of the security controls to ensure that they operate as anticipated.

The auditor evaluates the company based on established security, availability, confidentiality, processing integrity, and privacy standards. At the end of the audit period, a company whose controls meet the standards of the AICPA receives a certificate that is valid for one year.

SOC 2 Type 2 is one of the most recognized and respected compliance standards for cloud-based technology companies, especially those handling sensitive data. The audit process involves an in-depth review of a company's security controls, operational processes, and governance.

SignalWire's SOC 2 Type 2 attestation demonstrates our commitment to maintaining a secure and reliable environment for all your communications. The audit, performed annually, ensures that the protective measures we have in place are consistently monitored, tested, and improved as needed to protect against data breaches. By ensuring that our security controls meet SOC 2 Type 2 standards, we provide a solid foundation for data integrity and privacy.

PCI-DSS

Full name: Payment Card Industry Data Security Standard

Regulatory authority: PCI Security Standards Council (PCI SSC)

PCI-DSS is focused on security for payment card transaction environments, covering both technical and operational system components. Generally, to comply with the PCI SSC’s rules, a company must assess all locations and access points to payment data, repair any observed vulnerabilities, and report assessment and remediation details to any requesting entities.

This process involves building and maintaining a secure network, protecting the access to and transmission of transaction data, building and maintaining vulnerability management systems, regularly tracking and testing the network, and maintaining security policies for all employees.

The rise of digital payments has brought with it heightened security risks, making PCI-DSS compliance a critical requirement for companies involved in payment processing. This comprehensive set of security standards is designed to protect cardholder data during transactions, preventing fraud, data breaches, and theft.

SignalWire takes PCI-DSS compliance seriously to ensure that your payment information is always secure. Compliance involves assessing all touchpoints where payment data is collected, transmitted, or stored. To meet PCI-DSS standards, we continually update our security protocols, maintain a secure network, and perform regular system testing and monitoring.

When a customer makes a purchase with SignalWire, all customer payment data is used, stored, and transmitted in a safe and secure manner. SignalWire ensures that all payment data is handled safely, protecting both your customers and your business.

HIPAA

Full name: Health Insurance Portability and Accountability Act

Regulatory authority: United States federal government

The federal government passed HIPAA to ensure the security of medical patients’ protected health information (PHI) and limit third-party access to it. HIPAA establishes security and administrative requirements for entities that handle PHI. In part, those entities must implement appropriate security measures, perform ongoing risk assessments, and institute access and audit controls. These rules are designed to ensure the privacy, integrity, and transmission security of PHI.

For businesses in the healthcare industry, securing protected health information is legally required for any organization that handles medical records or patient data. SignalWire is fully HIPAA-compliant, which means that healthcare providers, insurance companies, and related entities can trust our platform to protect patient privacy.

HIPAA regulations mandate that any entity handling PHI must implement strict administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of sensitive health information. This includes encrypting PHI, restricting access to authorized personnel, and performing ongoing risk assessments.

SignalWire’s commitment to HIPAA compliance means that if you’re working with sensitive patient data, you can build communication solutions on our platform with complete confidence. Whether you're using voice, messaging, or video communication, your PHI is secure.

Many of SignalWire’s customers operate in the healthcare sector, and if a customer brings PHI to SignalWire, that PHI is safeguarded. SignalWire meets the rigorous security and privacy requirements established by HIPAA, making it a trusted choice for organizations in healthcare. By using SignalWire, you can ensure that patient data is protected at all times.

Build with Confidence on SignalWire

Whether you're developing applications for healthcare, retail, or any other sector, your data is protected by some of the most comprehensive compliance standards in the industry when you build with SignalWire.

Our SOC 2 Type 2 attestation ensures operational and data security, PCI-DSS compliance guarantees safe payment transactions, and HIPAA compliance secures patient health data. If you’re ready to build secure, scalable communication solutions, SignalWire is here to support your journey.

Our focus at SignalWire is providing our customers with the solutions they need to thrive. Our goal is to not only equip our customers with developer-friendly tools but to do so in a secure ecosystem. When you build with SignalWire, you can rest assured that your data and systems, and those of your own customers, are protected.

If you have questions or issues about SignalWire security, bring them to our community on Slack or our forum.