Security & Compliance

Ensuring security and compliance in loan origination websites to protect data and meet regulatory standards.

SOC 2 Type II

Guarantees the security of your data & the privacy of your clients.

ISO 27001

Highest standards of information security and global cybersecurity.

GDPR Compliance

Transparent and secure handling of EU personal data.

Security Overview

Foundation of Trust: Security is the cornerstone of trust in SaaS.
Multi-layered Protection: Holistic defense using People, Process & Technology.
Adherence to Standards: industry and federal standards, ensuring regulatory and sectors effectively.
Continuous Improvement: Voxing prioritizes security from the beginning. This commitment ensures ongoing adaptation to the dynamic threat landscape, fortifying the platform comprehensively.

Shared Security

Application Security: Customers define requirements, Voxing secures infra.
Platform Safety: Robust development & maintenance security.
Cloud Security: Voxing secures infrastructure in chosen Cloud Service Providers like AWS, Azure, Google Cloud, etc.

Enterprise Security

Essence of Protection: Voxing's platform is built with protection as its core essence, catering to highly regulated sectors.
Multi-layered Defense: Intrusion detection across all layers.
State-of-the-art Tools: Voxing utilizes advanced tools like web application firewalls (WAFs) for comprehensive security.
Robust Incident Response: Voxing's Incident Response Plan (IRP) is meticulously designed and tested, ensuring swift and effective action.

Features & Controls

Our security strategy revolves around a shared policy defining roles and responsibilities among Voxing, customers, and cloud service providers, with a focus on empowering users to develop secure applications while ensuring security across critical layers: Cloud, Platform, and Application.

We prioritize security throughout the Software Development Lifecycle (SDLC) phases, ensuring robust protection.
During planning, we align functionality changes with regulatory, legal, and security requirements, meeting organizational needs.
Prior to deployment, rigorous automated vulnerability assessments and manual tests ensure security integrity.
In design, we conduct thorough reviews, encompassing threat modeling and adherence to security best practices.
Our platform offers a robust build pipeline with revisiting capabilities and a transparent audit trail.

Data Security & Encryption

We prioritize data confidentiality, integrity, and availability, adhering to the highest security standards.
Robust encryption measures are applied to data at rest and data in transit , ensuring security.
Encryption occurs both client-side and at rest using AWS Key Management Service (KMS) for full security.
Data is safeguarded within MongoDB, fully encrypted with AES-256 encryption at rest .
All data, backups, including logs, database files, and digital assets (files, documents, images), undergo client-side encryption before uploading to the encrypted S3 storage.
For Enterprise clients, we facilitate third party security audits on Voxing-built apps, ensuring compliance with required standards, either in-house or externally.

Single-tenant architecture

We prioritize personalized and secure environments,offering single-tenant architecture forEnterprises.
Your Voxing instance is exclusively dedicated to your organization, ensuring complete data isolation.
Sensitive information remains segregated from other users' data, providing peace of mind.
Source code export enables deployment in public/private clouds or on-premises, ensuring data security and privacy with exclusive access control.
Only your data, rules, and users reside within your application instance, guaranteeing data privacy.

Secure System of Record

At Voxing, we prioritize data integrity and security. Our Write Once, Read Many (WORM) technology ensures protection.

Data Lineage: Voxing ensures transparency and accountability with robust data lineage capabilities, tracking changes and interactions effectively.
Audit Control: Audit control in a Voxing ensures thorough tracking, monitoring, and accountability for all actions and changes made.
Access Management: We monitor data access, downloads, and uploads to ensure security and accountability.
Audit Trail : In Voxing, an audit trail provides a detailed record of user actions, changes, and system activities for accountability.
Granular Data Retention: Voxing provides precise data retention control, allowing collection and management of various data types efficiently.

High Availability & Redundancy

In Software as a Service (SaaS), reliability is paramount. Voxing ensures consistent availability and performance for mission-critical applications.

Commitment to Service Availability: We ensure uninterrupted operation of your business-critical software with Voxing's SaaS solution, achieving consistent near-100% utilization.
Fail-Safe Mechanisms: Our infrastructure is equipped with failure detection capabilities, triggering immediate alerts to our Network & Security teams. Automatic containment measures maintain seamless data backup and service continuity.
Business Continuity Plan (BCP): We prioritize high performance with multi-zone data and application availability for business continuity and disaster recovery. Clients have full control and ownership of their data within a single-tenant environment.
Disaster Recovery (DR): Voxing's team ensures rapid data restoration from DR Site as soon as possible after a disaster type event. Our disaster recovery plan is regularly tested and updated to ensure minimal impact in case of a disaster.
Automatic Data & Configuration Backup: We prioritize data protection, incorporating automatic periodic backups to maintain data integrity and facilitate disaster recovery.

Backup & Restoration

We prioritize data security with tailored backup and restoration procedures, ensuring integrity and meeting client needs.

Recurring Backups: We conduct regular data backups to ensure safety and availability, storing transactional data frequently. Data backups are performed automatically and allow for one or more data recovery points, giving you the confidence that your data won’t be lost.
Retention Period: We empower clients to set data retention policies, offering flexibility to customize backup points retention periods.
Storage Policies: We securely store additional backup snapshots for efficient disaster recovery, ensuring comprehensive data protection.

Penetration Testing

We conduct regular penetration tests, simulating real-world attack scenarios to strengthen platform security.
Our team performs network and application penetration tests, addressing vulnerabilities from various sources.
By working transparently with customers in testing processes, we demonstrate our commitment to safety and integrity.
Internal manual application reviews complement automated reviews, ensuring comprehensive coverage of vulnerabilities.
We offer client-driven penetration tests, encouraging user participation to assess platform security collaboratively.

Safety Education & Training

We prioritize security as a mindset, fostering it through ongoing comprehensive training programs.
New hires undergo immersive security training led by seasoned experts, laying cultural groundwork.
Monthly digital sessions keep employees updated on evolving threats and data privacy laws.
We provide specialized safety training tailored to individual responsibilities, enhancing our security strategy.
Security is ingrained in our organization's fabric, empowering each team member as stewards of trust.