Data security and privacy have always been at the forefront of development of the Chorus platform and solutions. This will continue to be the case with the application of the General Data Protection Regulation (GDPR).
Encryption at device level
Communication between devices and the platform is encrypted end-2-end by 256-bit AES symmetric key to prevent man-in-the middle attacks and backdoors.
Encryption of travelling data
Messages are always encrypted and authenticated by Transport Layer Security (TLS) – including data transferred from the vyzVoice data stores back to the user’s browser.
Encryption at rest
vyzVoice encrypts customer data stored at rest by default, using 256-bit AES encryption, one of the strongest block ciphers available.
vyzVoice communication protocol does not rely on a direct communication between devices and the platform, but uses a secure message broker system.
Through the gateway dispatcher, customers can define which datapoints and registers are exposed and ensure that data can only leave the premises if they have granted consent.
The vyzVoice communication protocol accepts only a pre-defined set of authorized commands to prevent it from exposing features of the underlying protocols.
Private Cloud instance
Without losing the scalability and flexibility of the cloud, Chorus can be deployed in a dedicated cloud instance, with a site-2-site VPN restricting the access to your data to within your premises.
User Access Management
Integrated user authentication and authorization controls ensure full security in access to the platform and data.
In our own operations, we also apply stringent data protection practices.
At vyzVoice, internal policies and processes are designed and implemented to secure customer, company, and employee information. In all cases involving personal data, our policies and procedures adhere to the privacy and security standards of the GDPR.
We have built a strong information security culture within vyzVoice. Starting at initial company orientation, all employees participate in regular on-going training on data privacy and security. Policies and procedures are reviewed and reinforced regularly ensuring best practices are observed and the GDPR respected.