
Enterprise-grade security with SOC 2 certification


It’s a given these days that organizations must ensure their sensitive information is protected against breaches. And we believe providing them with proof that their data is secure is equally important, which is why we’re proud to have recently completed our SOC 2 Type I audit.

There’s nothing more important to us than providing secure and protected systems. Our customers and partners trust us with their most sensitive data, and we know that security and privacy are top-of-mind for all organizations. 

Being a SOC 2 Organization is a demonstration of how everything we do takes security and privacy into consideration, and is proof we comply with Canada’s PIPEDA privacy framework and follow best practices relating to security and privacy. 

Our holistic security and privacy stance is built around three fundamental principles:

Confidentiality – all systems and data must be protected from unauthorized access: this includes outside actors and internal staff without a legitimate need.

Integrity – all systems and data must be protected from unauthorized modification or deletion. 

Availability – all systems and data must be available to the appropriate users when they require access. 

 

 

Security is Everyone’s Responsibility

Wysdom considers security and privacy at every level and with every tool, system, and process we use. Security is everyone’s responsibility at Wysdom: we bake security into our designs and processes, train every staff member in security awareness, and undergo regular audits and tests to ensure our systems are secure and compliant. 

Wysdom and SOC 2

Wysdom is a SOC 2 Organization, meaning we’re audited at least annually and certified to comply with the AICPA’s Service Organization Controls and Standards.

SOC (System and Organization Controls) are strict standards designed to help measure how well we manage systems. A SOC 2 report provides our customers with the confidence that Wysdom has appropriate safeguards and procedures in place to protect their data. 

Wysdom has been independently examined by third-party auditors and our resulting report ensures our systems have extensive controls around Security, Availability, Confidentiality, and Privacy.

For customers looking for the details of our SOC 2 report, please contact us.

 

Wysdom and Zero Trust Architecture

Wysdom follows a Zero Trust model for security: we employ perimeter protection, segmentation, and “never trust, always verify” access; require multiple authentication factors based on context; and apply granular controls based on least privilege, along with extensive logging and alerting.

 

Staffing Controls

There are strict procedures in place regarding staffing: all roles are vetted by management, all candidates are matched to appropriate job functions, and all staff undergo background testing. Wysdom employees sign NDAs, and acknowledge and agree to follow the appropriate policies and procedures for their roles, on hire and at least annually.

 

Access Control and Separation of Duties

Access to Wysdom’s systems is tightly controlled according to the principle of least privilege. Only specific, vetted staff are granted access to our systems, and only when required to perform their job function. Access requires multiple authentication factors, is encrypted, and can be controlled based on various contexts (location, device, etc.).

Staff access is strictly segregated by duty to ensure those with sensitive systems access do not have access to the corresponding code running those systems. 

Our development, staging, and production environments are also strictly segregated from each other, and user access to these systems is separated.

Access is regularly audited to prevent access or scope creep, and to ensure that only current staff with appropriate permissions can access the minimal set of systems required for their job. 

 

Security Awareness Training

All Wysdom staff are required to undergo security training on starting with us and every year they are with the company. 

 

Independent Security Auditing and Testing

In addition to our extensive SOC 2 controls, Wysdom systems undergo regular internal and independent third-party vulnerability and penetration testing, with procedures in place to mitigate issues.

 

Datacenter and Hosting Partners

We use only Tier-4 datacenter hosting providers that have also undergone independent audits for security and compliance. Our team reviews these reports to ensure there are no security, privacy, or compliance concerns. 

 

Vendor Management

Wysdom has a Vendor Management Program that ensures all vendors meet the appropriate security controls when interacting with any of our tools, systems, or processes.

 

Encryption

All data in transit and at rest is encrypted using the strongest available encryption standards: whether it’s an API framework or a chat with an end-user, encryption is used everywhere to secure and protect data. 

 

Data Residency

Data can reside in any locale required by our customers for compliance or legal reasons.

 

Privacy and Compliance

Wysdom is compliant with the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s Privacy Law. 

 

Confidentiality, Integrity, and Availability

Wysdom minimizes the data we collect; we strip Personally Identifiable Information (PII), and we encrypt all data in transit and at rest using the strongest encryption available. All data is kept confidential, and we have processes in place to monitor and manage data integrity, privacy, access, and retention. Our platform is designed to support local, regional, global, and intra-platform redundancy, so localized failures do not affect customer experiences or impact performance or access.

 

Security Reporting

Wysdom has an internal Staff Security Reporting program, and actively incentivizes staff, users, and others to report any possible security issues. 

 


© Copyright Wysdom 2021. All rights reserved.
