Security

Powerful Protection Protocols

Download PDF now

Data Security

Compliance & Infrastructure

Preventative Security

Data Protection & Security

Data Security & Protection at Phonexa is the highest priority. As a Phonexa customer, you will benefit from data center and network architecture built to meet the high requirements of the most security-sensitive organizations.

An advantage of the Phonexa platform is that it allows customers to scale while maintaining a secure environment. Customers pay only for the services they use and our security protections come at no added cost to your business.

data security

Exceptional Firewall Protection

High Level Security Infrastructure and Testing - all at NO cost.

exceptional protection

3 Independent Levels of Intrusion Prevention

cloudflare firewall

CLOUDFLARE WEB APPLICATION FIREWALL

Cloudflare’s enterprise-class web application firewall (WAF) protects your Internet property from common vulnerabilities like SQL injection attacks, cross-site scripting, and cross-site forgery requests with no changes to your existing infrastructure.

internal firewall

INTERNAL FIREWALL

Cloudflare’s enterprise-class web application firewall (WAF) protects your Internet property from common vulnerabilities like SQL injection attacks, cross-site scripting, and cross-site forgery requests with no changes to your existing infrastructure.

google firewall

GOOGLE CLOUD FIREWALL

The GCP firewall lets you allow or deny traffic to and from your chosen internetconnecting devices. This firewall provides an impressive level of protection at the virtual networking level.

3 Independent Layers of DDoS Prevention

cloudflare firewall

CLOUDFLARE

Cloudflare’s network capacity is 15x bigger than the largest DDoS attack ever recorded. With 15 Tbps of capacity, it can handle any modern distributed attack, including those targeting DNS infrastructure.

internal firewall

GOOGLE CLOUD

The Google Cloud Platform deploys detection systems, implements barriers, and absorbs DDoS attacks by preventing hackers from overwhelming or disabling access to your end users.

automated system

AUTOMATED IP BAN SYSTEM

Since DDoS attackers use multiple hosts to launch a large-scale attack their targets, Phonexa’s sensitive Automated IP Ban System has been implemented to ban any and all IP addresses that pose even a remote threat to the system, mitigating all risks of a full blown DDoS attack.

encrypted channels
Encrypted
Client-to-Service Channels

Client-server communications have been heavily encrypted for maximum data security. Rest assured that all traffic passing between you and the Phonexa server will be protected by multiple layers of encrypted algorithms.

virus software
Virus-Resistant Software

On top of the three powerful firewalls and DDoS prevention methods in place, we’ve also tamper-proofed our software to make it more resistant to attacks, resulting in the system becoming a smaller target for attackers overall.

cipp staff
CIPP/US Certified Staff

Phonexa’s key personnel are Certified Information Privacy Professionals and possess an understanding of global concepts of privacy and data protection law and practice. The global industry standard for professionals in the field of privacy, CIPP helps organizations strengthen compliance and risk mitigation practices.

Gateway Protection

High Level Security Infrastucture and Testing - all at NO cost.

gateway protection

Account Security Solutions

For added gateway protection, users go through a 3-step login process, including the initial password submission, one-time token authentication and a PIN passcode.

  • Valid Passwords are 8 to 32 characters in length with no spaces , include upper and lower case characters, include at least one numeric digit, and include at least one special character such as - . , @ : ! $ /.
  • Passwords are case sensitive.
  • Do not select a password that is similar to the Company Name.
  • Do not select a password that is similar to the Company Name.
two factor Authentication
Two-Factor Authentication

Keep the bad guys out, even if they steal your password through malicious software. Phonexa secures your account by requiring a mandatory second login step. Two-Factor Authentication protects against phishing, social engineering and password brute-force attacks and secures your logins from attackers exploiting weak or stolen credentials.

flexible system
Flexible ACL System

The ACL, or access control list, is a list of permissions attached to individual operations. Phonexa’s flexible ACL System allows for combinable user roles, an additional password layer for modules with sensitive data, and the ability to fine-tune system privileges on the individual user level.

brute system
Brute-Force Password Attack Prevention System

Also known as brute-force cracking, this specific attack uses trial and error to decode encrypted data through extensive effort. To combat brute-force attacks, Phonexa’s system creates captcha for each login and automatically locks the account after a certain amount of failed login attempts, notifying the administrator of the activities.

PCI DSS Compliant
PCI DSS Compliant

The Payment Card Industry Data Security Standard is a set of policies and procedures intended to optimize the security of transactions and protect against the misuse of personal information. PCI DSS ensures a secure network, encryption of sensitive data including banking information and Social Security numbers, among other enforcement measures.

Compliance & Infrastructure

Phonexa's robust infrastructure is equipped with industry-leading security and high redundancy to ensure that your business will never be interrupted. Our scalable architecture was designed for high-volume operations. By continually monitoring and improving our applications, systems, and processes, we demonstrate our commitment to protecting your information. Phonexa's robust cloud platform ensures high uptime, instant recoveries, multi-site redundancy, and hardware-software interconnectivity.
Meeting Global Compliance Standards
Phonexa manages asset security by using cloud services that adhere to the following standards that are outlined by the Internal Organization for Standardization (ISO) and the International Electrotechincal Commission.

compliance infrastructure

SOC 2 Compliance AICPA SOC
Technology compliance defined by the AICPA

Phonexa has further strengthened its security and availability by receiving its SOC 2 Type 1 and 2 certification for 2021 from an independent auditor. The rigorous examination, evaluation and certification from the Security and Organization Controls shows that Phonexa’s systems and controls are powered to keep sensitive client data safe and secure under globally recognized standards.

Learn More
SOC 2 Compliance

ISO/IEC 27001:2013

The ISO/IEC 27001:2013 standard outlines requirements for establishing, enacting, maintaining, and bolstering Phonexa’s Information Security Management system. It also includes requirements for the assessment and treatment of information security threats.

View Our Security Policy
iso 2013

ISO/IEC 27001:2005

The ISO/IEC 27001:2005 standard specifies the requirements for establishing, enacting, operating, guarding, maintaining and enhancing Phonexa’s Information Security Management system within the context of specific business risks. It also includes requirements for the implementation of our strict security controls.
The ISO/IEC 27001:2005 standard was designed to ensure adequate and proportionate security controls that protect information assets and give confidence to those involved. The benefits of ISO/IEC 27001:2005 implementation include, but are not limited to:

  1. Formulating security requirements and goals
  2. Ensuring that security threats are well-managed and met with effective solutions
  3. Acting as a framework for the implementation and management of controls so an organization's security objectives are met
  4. Presenting a new approach on the Information Security Management process
  5. Grading and maintaining the status of Information Security Management activities
  6. Providing useful information about security procedures for everyone involved, including partners and customers
iso 2005
cdsn

Certificate of Compliance

CDSA - Content Delivery & Security Association

Vulnerability and Penetration Testing

Data security is great to talk about, but it’s only as strong as its weakest link. That’s why at Phonexa we have a preventative security plan that utilizes internal vigilance and external partners. These steps prepare our application to face even the most severe cyberattacks.

With a team of Certified Information Privacy Professionals armed with years of experience in cyber security, Phonexa is well-positioned to guard against any and all hacker threats.

vulnerability testing

Phonexa Security Measures

Feel secure with our multi-pronged security processes

internal testing
Internal Testing

The Phonexa team engages in weekly vulnerability assessments to make sure our application remains guarded against possible incursions. These preventative measures are conducted by our expert tech team, who stay continuously up-to-date on the latest cyber threats and defensive strategies.

securitypartners
Security Partners

Phonexa works with multiple external partners who perform critical penetration testing and other data security checks at specified intervals each year. By utilizing the expertise of established agencies like Trustwave and others, Phonexa reduces risk, protects data, and keeps our platform safe.

independent hackers
Independent Ethical Hackers

Phonexa works with multiple external partners who perform critical penetration testing and other data security checks at specified intervals each year. By utilizing the expertise of established agencies like Trustwave and others, Phonexa reduces risk, protects data, and keeps our platform safe.

partners rapid

Phonexa has partnered with Rapid7, a global leader in cyber security. Rapid7 works with Phonexa to perform monthly web application security scanning, providing visibility into the Phonexa web application’s vulnerabilities.

Get Your Personalised Demo Now

Book a Demo