CallCabinet Trust Center

Welcome to the CallCabinet Trust Center. At CallCabinet, security and privacy are paramount. We are committed to upholding the highest standards of data protection by integrating the core principles of the General Data Protection Regulation (GDPR) into our operations.

Our approach is founded on the principles of lawfulness, fairness, and transparency, ensuring that all data processing activities are conducted legally, ethically, and openly. We adhere to purpose limitation, collecting and using data only for specific, legitimate purposes. Our commitment to data minimization ensures that we only collect data that is necessary for those purposes, avoiding any excess.

We maintain the accuracy of personal data, keeping it up to date and correcting any inaccuracies promptly. Storage limitation guides our retention policies, ensuring that data is kept only as long as necessary for its intended purpose. Our focus on integrity and confidentiality guarantees that personal data is securely processed and protected against unauthorized access and breaches.

Finally, we embrace accountability, taking responsibility for our data processing activities and demonstrating compliance with all relevant data protection regulations. This Trust Center provides the resources you need to understand how we protect our customers’ data and uphold these fundamental principles.

1. Compliance Certification.
2. Publicly Available Resources.
3. Resources Under NDA.
4. Cloud Security.
5. Authentication Security.
6. Human Resources (HR) Security.
7. Compliance and Privacy Program.
8. Data Protection Policies.
9. Transparency Report.
10. Additional Resources.

1: Compliance Certification.

CallCabinet adheres to industry best practices and standards to achieve compliance with widely accepted security and privacy frameworks. This commitment helps our customers meet their own compliance requirements. Our certification to the ISO/IEC 27001 standard is internally audited by an external party, and externally audited by the British Standards Institute.

2: Publicly Available Resources.

These resources are available for review without the need for a Non-Disclosure Agreement (NDA). They provide detailed information about our data protection practices, compliance measures, and security infrastructure.

  • Data Processing Agreement (DPA): This document ensures lawful compliance with GDPR Article 28, identifying the roles and responsibilities of the controller and processor, and outlining the written instructions for processing.
  • ISO 27001 Certificate: Our certification to the ISO/IEC 27001 standard, demonstrating our commitment to robust information security management practices.
  • Cloud Security Alliance (CSA) CAIQ: This questionnaire details our cloud security controls, offering transparency into our cloud security posture.
  • Shared Assessments Standard Information Gathering (SIG) Lite: A streamlined version of the SIG, providing a comprehensive overview of our security controls and risk management practices.
  • Higher Education Community Vendor Assessment Toolkit (HECVAT) Lite: This tool provides insight into our compliance with the security requirements specific to the higher education
  • Logical Architecture Diagrams: Visual representations of our network architecture, illustrating how data flows within our system and the security measures in place.
  • White Papers: In-depth documents covering various aspects of our technology, security practices, and compliance efforts.
  • Datasheets: Concise documents summarizing the features, benefits, and technical specifications of our products and services.

These resources are designed to provide transparency and assurance about our commitment to data protection and security.

3: Resources Under NDA.

These resources are available for review upon signing a Non-Disclosure Agreement (NDA). They provide deeper insights into our security practices, compliance audits, and risk management strategies.

  • ISO 27001 Audit Report: This detailed report covers the findings of our external ISO/IEC 27001 audits, showcasing our adherence to information security management standards.
  • Penetration Test Reports: Comprehensive reports detailing the results of regular penetration tests conducted to identify and address vulnerabilities in our systems.
  • Business Continuity and Disaster Recovery Test Results: Documentation of our business continuity and disaster recovery plans, including the results of regular testing to ensure preparedness for potential disruptions.
  • Certificate of Insurance: Proof of our insurance coverage, demonstrating our commitment to risk management and financial responsibility.
  • Statement of Applicability (SOA): A document outlining the specific security controls we have implemented as part of our ISO/IEC 27001 certification, based on our risk assessment.

These resources provide a thorough understanding of our security posture and compliance efforts, ensuring that our customers can trust in the robustness and reliability of our services.

4: Cloud Security.

CallCabinet ensures robust cloud security across all our services, leveraging advanced technologies and best practices to protect customer data. This section provides an overview of our comprehensive cloud security measures.

  • Azure Security: We utilize Microsoft Azure’s comprehensive security features, including built-in security controls, advanced threat protection, and continuous monitoring to safeguard our cloud infrastructure.
  • Vendor Security: Regular audits and assessments of third-party vendors ensure that they meet our stringent security standards, protecting our supply chain from potential vulnerabilities.
  • Network Security: Our network security measures include advanced firewalls, intrusion detection and prevention systems, and secure network segmentation to prevent unauthorized access and ensure data integrity.
  • Encryption: We employ end-to-end encryption for data both in transit and at rest, using industry-standard encryption protocols to protect sensitive information from interception and unauthorized access.
  • Availability and Continuity: Our high availability architecture and comprehensive disaster recovery plans ensure that our services remain operational and resilient, even in the face of unexpected disruptions or attacks.

These measures demonstrate our commitment to maintaining a secure, reliable, and resilient cloud environment for all our customers.

5: Authentication Security.

At CallCabinet, we prioritize secure access to our systems through robust authentication measures. This section outlines the key elements of our authentication security framework.

  • Multi-Factor Authentication (MFA): We enforce MFA to provide an additional layer of security, requiring users to verify their identity through multiple methods before accessing our systems.
  • Single Sign-On (SSO) Integration: SSO integration simplifies and secures user access by allowing users to authenticate once and gain access to multiple applications, reducing password fatigue and improving security.
  • Role-Based Access Control (RBAC): We implement RBAC to ensure that users have access only to the resources necessary for their roles, minimizing the risk of unauthorized access and data breaches.
  • Regular Security Training for Employees: Our employees undergo regular security training to stay informed about the latest threats and best practices, ensuring they are equipped to recognize and respond to security risks effectively.

These authentication security measures are designed to protect our systems from unauthorized access and ensure that only authorized users can access sensitive data and resources.

6: Human Resources (HR) Security.

CallCabinet’s HR security policies are designed to ensure that our team members are equipped with the knowledge and tools to maintain a secure environment. This section highlights the key aspects of our HR security framework.

  • Background Checks for All Employees: We conduct thorough background checks on all employees during the hiring process to ensure that we maintain a trustworthy and reliable workforce.
  • Regular Security Training and Awareness Programs: Our employees participate in ongoing security training and awareness programs to stay updated on the latest security threats and best practices.
  • Strict Access Controls Based on Roles and Responsibilities: We implement stringent access controls to ensure that employees only have access to the information and systems necessary for their roles, minimizing the risk of unauthorized access.
  • Security Policies and Procedures: We have established comprehensive security policies and procedures that all employees must adhere to, ensuring a consistent and effective approach to security across the organization.
  • Incident Response Training: Employees are trained in incident response procedures to ensure quick and effective action in the event of a security breach or other incident.

These HR security measures are essential to maintaining a secure and resilient organization, ensuring that our employees are well-prepared to protect sensitive data and respond to potential security threats.

7: Compliance and Privacy Program.

CallCabinet maintains a comprehensive global privacy and data protection program, involving key stakeholders from Legal, Security, Product, and Executive sectors. This section details our commitment to compliance with various regulatory and industry frameworks.

  • General Data Protection Regulation (GDPR): We adhere to the principles of GDPR, ensuring that personal data is processed lawfully, fairly, and transparently, with a clear purpose limitation and data minimization.
  • California Consumer Privacy Act (CCPA): Our compliance with CCPA ensures that we provide California residents with enhanced privacy rights and greater transparency regarding their personal data.
  • Health Insurance Portability and Accountability Act (HIPAA): We comply with HIPAA regulations to protect the privacy and security of health information, ensuring that our practices meet the stringent requirements for safeguarding sensitive health data.
  • Other Relevant Privacy Laws: In addition to GDPR, CCPA, and HIPAA, we ensure compliance with other applicable privacy laws and regulations in the regions where we operate, maintaining a robust and adaptable privacy framework.
  • Cross-Functional Key Stakeholders: Our privacy and compliance program involves key stakeholders from various departments, including Legal, Security, Product, and Executive sectors, ensuring a holistic approach to data protection and regulatory compliance.
  • Continuous Monitoring and Improvement: We continuously monitor our compliance with privacy laws and regulations, regularly reviewing and updating our policies and practices to adapt to evolving legal requirements and industry standards.

These measures demonstrate our dedication to protecting personal data and ensuring compliance with applicable regulatory frameworks, providing our customers with confidence in our commitment to privacy and security.

8: Data Protection Policies.

CallCabinet is committed to maintaining robust data protection practices through comprehensive policies that govern our data handling and security measures. This section outlines the key policies that form the backbone of our data protection framework.

  • Data Protection Policy: This policy outlines our commitment to protecting personal data, detailing the principles and practices we follow to ensure compliance with applicable data protection regulations.
  • Information Security Policy: Our Information Security Policy defines the measures we take to protect the confidentiality, integrity, and availability of data, including access controls, encryption, and regular security assessments.
  • Data Retention and Destruction Policy: This policy specifies the retention periods for different types of data and the procedures for securely disposing of data that is no longer needed, ensuring compliance with legal and regulatory requirements.
  • Incident Response Policy: Our Incident Response Policy details the steps to be taken in the event of a data breach or other security incident, including notification procedures, containment strategies, and post-incident analysis.
  • Business Continuity and Disaster Recovery Policy: This policy outlines our plans and procedures for ensuring the continuity of our services and the protection of data in the event of a disaster, including regular testing and updates to the plan.
  • Access Control Policy: This policy defines the protocols for granting, managing, and revoking access to our systems and data, ensuring that only authorized personnel have access to sensitive information.
  • Privacy Policy: Our Privacy Policy provides transparency about how we collect, use, and protect personal data, informing individuals of their rights and our data handling practices.

These data protection policies are integral to our commitment to safeguarding personal data and maintaining compliance with regulatory requirements, ensuring that our data protection practices are thorough and effective.

9: Transparency Report.

CallCabinet is dedicated to transparency in our operations and practices, providing clear and detailed information about our data handling and compliance activities. This section outlines the key elements of our transparency report.

  • Data Access Requests: We provide detailed information about the number and nature of data access requests we receive, including requests from individuals and regulatory bodies, and how we handle them.
  • Government Requests for Data: Our report includes information on the number and types of government requests for data, as well as our policies and procedures for responding to such requests while protecting user privacy.
  • Data Breach Incidents and Responses: We disclose information about any data breaches that have occurred, including the nature of the breach, the number of affected individuals, and the steps we took to mitigate the impact and prevent future incidents.
  • Compliance Audits and Results: Our transparency report provides an overview of the compliance audits we conduct, the findings from these audits, and any corrective actions taken to address identified issues.
  • User Notification and Communication: We outline our procedures for notifying users about significant changes to our policies, data practices, or security measures, ensuring they are informed and aware of how their data is being handled.

These elements of our transparency report reflect our commitment to openness and accountability, providing our customers with confidence in our data protection and compliance practices.

10: Additional Resources.

For any further information or specific inquiries, please contact our support team at support@callcabinet.com.

11: Subprocessors.

CallCabinet uses certain Sub-processors (including members of the Smarsh Group and third parties) to provide our Service. The list can be found on our Subprocessors page.

Version 1.0 – last updated on March 06, 2025
