MultiLine Security

Movius follows the highest industry standards to ensure that you can trust us with your critical data.

Movius Internal IT Security

  • We understand the importance of information security, including cybersecurity, to protect against external threats and malicious insiders. 
  • Our cybersecurity strategy prioritizes detection, analysis and response to threat intelligence, cyber risks, and malicious activity. 
  • We continuously strive to meet or exceed the industry’s information security best practices and apply controls to protect our clients and the infrastructure of the company.

Security Certifications

  • Our information security management program is built to comply with the ISO 27001 framework.
  • The security controls for the Movius platform annually undergo SOC 2 Type 2 examination against AICPA defined standards.

Encryption

  • All data is encrypted in transit and at rest.

Secure Cloud Data Center

  • Your data is protected using FIPS 140-2 Level 3 compliant HSMs and customer owned encryption keys.
  • Storage is compliant with:
    • Federal Information Processing Standard (FIPS) Publication 140-2
    • Federal Information Security Management Act (FISMA)
    • Health Insurance Portability and Accountability Act (HIPAA)
    • Payment Card Industry (PCI)
    • Basel II
    • California Security Breach Information Act (SB 1386)
    • EU Data Protection Directive 95/46/EC

Security Scanning

  • SAST and DAST are performed for every maintenance and general release.
  • Manual Penetration testing is performed annually.
  • Bi-weekly vulnerability scan is performed by in-house security experts.

Disaster Recovery and Geo-redundancy

  • Movius performs daily backups of production data that is only used to minimize data loss in the event of a disaster.
  • Production data is immediately written to an independent 2nd database which is either at the same location for single site installations or at a second data center in geo-redundant configurations.
  • We complete re-certification and surveillance audits annually.

Manage Users and Admins

Admin Audit Logging

  • All activities by Admins in Management Portal and Developers using the API are logged in Admin logs.
  • Full search functionality helps you quickly track down activities of interest, including:
    • Log in
    • Adding, deleting, or viewing an account
    • Viewing or downloading a report
    • Viewing or downloading data
  • You can also set up alerts for activities, such as password changes and deleted accounts. See Manage Alerts 

Admin Access Control

User Access Control

  • Admins have complete control over user access to MultiLine app. It's possible immediately suspend or delete a user account from Management Portal to remove access to the application.
  • Calls to a MultiLine number from a deleted account can automatically forwarded, tagged for a specific use or organization, or made generally available.
  • Call or message recording is set by admins and does not allow users to turn the feature on or off, preventing any circumventing of your recording policies.

EMM Integration

  • You can apply any policies from your Enterprise Management solution to the MultiLine application.
    • Apply corporate authentication and password requirement policies to MultiLine applications.
    • Enforce using MultiLine applications when using corporate apps, including phone number links and conference codes.
    • Restrict copy and paste, screenshots, and more from MultiLine to outside apps.

GDPR

  • We ensure ongoing compliance with the General Data Protection Regulation (GDPR).
  • Users can clearly see what data is shared and have the option to opt in or out of sharing their personal data.

Account Cancellation

  • You may cancel with us at any time by contacting our Customer Success team.
  • We will work with you to offload your data and then securely remove your data from the platform.

FAQ

Can you provide a Security Baseline Document?

Yes. Contact your Customer Success Representative to receive this document. 

The document covers access control, database control, data encryption, penetration testing, and vulnerability scanning policies.

Do you have a vulnerability disclosure process? 

Yes. We provide this process to you as part of the contract as well as contact information for our security team.