We stand behind our security practices, policies and infrastructure for our solutions and services, ensuring we are always the best partner we can be to our customers. Security is a key component in all our offerings and is reflected in our people, processes and products.
Our security and risk management processes prevent sensitive information from getting into the wrong hands. Further, they ensure all operations are running securely, protecting the confidentiality of our customers’ information.
WorkWave actively monitors our systems for external and internal threats at the application, server and network levels through a dedicated security operations team.
We maintain and execute security incident response procedures in response to a wide variety of threats and work closely with our engineering and external security teams to identify and remediate vulnerabilities.
WorkWave has established policies and procedures to handle and respond to any potential security incidents that can affect WorkWave infrastructure and services, directly or indirectly.
Incident response procedures are tested and updated on an annual basis or when a major infrastructure change occurs.
WorkWave performs security audits on our internal and external environments.
Audits are performed by our in-house security team and credentialled third-party security vendors. Audit results are reviewed by WorkWave’s security committee. Reported vulnerabilities are prioritized, tracked and resolved to eliminate the risk of known vulnerabilities.
WorkWave has introduced ‘Privacy By Design’ and ‘Secure-By-Design’ methodologies into our product development lifecycle.
User privacy and security are evaluated during each stage of the development process to ensure only necessary data is collected to perform an application’s task.
We take rigorous measures to secure the network of electronic systems and devices that are configured, operated and maintained by WorkWave to provide various internal and external functions and services.
We employ rigorous safeguards and security measures to provide a secure environment to you and your customers.
We employ a defense in depth strategy utilizing web application firewalls, multi-factor authentication, intrusion detection systems, audit and logging systems, restricted access controls and encrypted access tools.
All application endpoints employ network firewalls, web application firewalls, intrusion detection systems, DDoS mitigation, HTTPS TLS 1.2+ encryption and fully authenticated sessions to ensure the security of our applications.
Sensitive servers and systems are deployed to private networks, behind load balancers, network firewalls and proxy servers to reduce our security footprint.
We employ advanced logging and monitoring of network, system, OS, application, database and cloud events. Logs are stored separately from production systems to ensure their integrity. We log more than a billion events each day to ensure the performance and security of our systems.
WorkWave has established strict rules and processes around user access provisioning to minimize the risk of data exposure. WorkWave follows principles of least-privilege and role-based permissions when provisioning access.
User access audits are performed by the WorkWave Security team at regular intervals. Employees are required to use strong passwords with multi-factor authentication and SSO.
WorkWave controls access to its resources, including buildings, infrastructure and facilities. We provide employees, contractors, vendors and visitors with different access cards that allow access only as required by the purpose of their entrance onto the premises.
WorkWave’s office building security monitors all entry and exit movements throughout our premises in all our business centers through CCTV cameras deployed according to local regulations.
Physical security of data centers is managed by data center and cloud providers including AWS, Google and others.
We protect your information against unauthorized access or use and operational failures that could result in exposure, deletion, or corruption of that data. Data security exercises ensure we practice caution while handling sensitive data that passes through our systems.
All WorkWave systems are highly available, employing redundant systems and networking to ensure continuous service in the event of failures.
If a recovery event occurs, WorkWave has defined DR plans to ensure a coordinated and quick response.
All databases are backed up and stored in 4 separate and encrypted physical locations to provide the highest resiliency against data corruption and ransomware threats.
Document storage is backed by Amazon’s S3 service to provide the highest levels of security, resiliency and availability.
Data privacy and compliance programs at WorkWave are focused on how personal information and data are collected, used, shared and processed, consistent with the expectations of the individual and applicable laws, regulations, professional practice requirements and contractual obligations.
WorkWave makes every effort to preserve the privacy of its users and customers. Our detailed privacy statement can be found here.
All production changes go through a rigorous, SOC-1 certified change management process.
We frequently conduct vulnerability scans and penetration tests to improve the security of our cloud environments.
We follow ISO 27001, GDPR, CCPA, PCI DSS and SOC-1 guidelines for risk management, change management, data privacy and security.
WorkWave works with leading audit firms to certify our adherence to industry-standard compliance programs and regulations so you can have confidence that your company and customer data is secure and compliant.
Certifications: PCI DSS, SOC-1 Type 2, SOC-2 Type 2, Data Privacy Framework, GDPR
WorkWave follows strict guidelines while onboarding new vendors, employees and contractors to ensure our customers are in safe hands. Further, we ensure our employees have the knowledge and skills to perform their roles effectively while protecting the security of our systems and your data. This helps WorkWave to prevent and mitigate user and partner risk.
WorkWave has created a culture of security that covers all employees.
All employees are required to take security awareness training on a regular basis. Engineering and operations employees receive additional job/function-specific training and certification to be informed, adaptable and responsive to whatever risks may arise.
Each WorkWave employee undergoes a process of background verification. We hire reputable external agencies to perform this check on our behalf. We do this to verify criminal records, previous employment records if any, and educational background. Until this check is performed, the employee is not assigned tasks that may pose risks to customers.
WorkWave utilizes third-party technology vendors to provide additional functionalities and software integrations. We take appropriate steps to ensure our security requirements are maintained by vendors at all times.
WorkWave evaluates vendor security at least annually.
WorkWave has a Responsible Disclosure Program to work with the community to identify security issues in our products. If you discover a vulnerability in our systems, products or network infrastructure, WorkWave appreciates your help in disclosing it to our company in a responsible manner by sending an email to security@workwave.com.
Read our whitepaper to learn more about security at WorkWave.