Security and privacy with Pexip

• Pexip has formalized internal information security best practices and implemented the practices from the ISO/IEC 27001:2103 standard. 
• Pexip has formalised a management review of the information security management system and its performance.
• Pexip meets the requirements of relevant regulatory, contractual, and other legal obligations.
• Pexip is committed to meeting regulatory compliance with international laws and demonstrates worldwide recognition of excellence by employing an international framework with specific codes of practice.
• We are committed to proactively testing both our software solution and service to ensure they do not introduce any attack vectors to our customers’ networks.

The Pexip Infinity self-hosted solution supports the industry standards for communication encryption for end-user devices, ensuring that communication is secure and kept private even if it crosses the internet. Customers can run the entire meeting platform on-premises, in a private cloud of their choice, or using a hybrid between the two, benefitting from the security measures they already have in place as well as those implemented by their cloud provider.  Self-hosted solutions also allow customers to ensure they meet any compliance requirements on data storage and privacy. Read more about our encryption methodology for Pexip Infinity self-hosted services.

The Pexip Service leverages the best-in-class industry standards for communication encryption for meetings and end-user devices, ensuring that communication is secure and kept private. The service is operated and managed by Pexip using industry-leading facilities and includes multiple layers of security. These layers range from human and personnel security to compliance with relevant standards such as SOC2, SSAE16, and ISO 27001. Read more about our data and security compliance.

Visit www.pexip.com/security for more information and resources. 

The Pexip platform has been rigorously tested and certified

Beyond the application of our own secure development and testing practices, we have contracted with some of the most widely recognized third-party organizations to independently verify that our products conform to the most stringent requirements.  

Federal Information Processing Standard (FIPS) Publication 140-2

Pexip Infinity includes a FIPS 140-2 compliant encryption module. This allows public and private sector customers around the globe to reference a generally accepted process used to secure data within the Pexip Infinity platform. 

The Defense Information Systems Agency (DISA) certification

Pexip Infinity is a U.S. Department of Defense Information Network (DoDIN) Approved Products List (APL) certified product. The DoDIN APL process is maintained by The Defense Information Systems Agency (DISA), and managed by the Approved Products Certification Office (APCO) and provides a single, consolidated list of collaboration and communication products that have met cybersecurity and operation certification requirements. The Pexip Infinity platform has been rigorously tested against these requirements.

Enabling Health Insurance Portability and Accountability Act (HIPAA) compliance

Use of the Pexip Cloud videoconferencing service in healthcare applications enables full compliance with the Health Insurance Portability and Accountability Act (HIPAA). HIPAA provides guidance and imposes strict obligations on the collection, storage, use, and disclosure of Protected Health Information (PHI) pertaining to patient medical information. Parties subject to HIPAA compliance requirements must process patient medical data in such a way as to restrict access to authorized persons and protect patient privacy. 

Pexip keeps your privacy and protects your data

The Pexip service is developed and operated by highly skilled engineers in Norway, the UK, the US, and Australia and strictly follows our ISO 27001 certified information security policies. We do our utmost to make sure your data is private, protected, secure, and compliant with all relevant privacy regulations such as General Data Protection Regulation (GDPR)/EU Regulation 2016/679. 

Pexip’s sole purpose is to provide a secure and reliable conference platform for business to business communication. Pexip does not, and will not, sell personal data to other organizations. We use it only to provide a better service to customers. We do not and will not ever sell or share your data with third parties for commercial reasons. We make every effort possible to keep your information private. Read more about our commitment to privacy.