Security and privacy with Pexip

 

Pexip is committed to upholding high standards of information security, privacy and transparency for its customers, partners and employees.

The company offers security-first, enterprise-grade video conferencing solutions using industry-standard encryption and security protocols to maintain privacy and security. Compliance and certifications of the Pexip solution include:

  • GDPR (EU Regulation 2016/679) compliance 
  • ISO/IEC 27001:2013 certification 
  • U.S. Department of Defense (DoD) Joint Interoperability Test Command (JITC) certification
  • Federal Information Processing Standard (FIPS) Publication 140-2 compliance
  • Health Insurance Portability and Accountability Act (HIPAA) compliance
  • SOC2/SSAE16 compliant data centers

 

Our Pexip Information Security Management System (ISMS) is developed and maintained according to the ISO/IEC 27001:2013 standard and audited by DNV GL. This means:

  • Pexip has formalized internal information security best practices and implemented the practices from the ISO/IEC 27001:2103 standard. 
  • Pexip has formalised a management review of the information security management system and its performance.
  • Pexip meets the requirements of relevant regulatory, contractual, and other legal obligations.
  • Pexip is committed to meeting regulatory compliance with international laws and demonstrates worldwide recognition of excellence by employing an international framework with specific codes of practice.
  • We are committed to proactively testing both our software solution and service to ensure they do not introduce any attack vectors to our customers’ networks.

 

Security-first enterprise solutions

The Pexip Infinity self-hosted solution supports the industry standards for communication encryption for end-user devices, ensuring that communication is secure and kept private even if it crosses the internet. Customers can run the entire meeting platform on-premises, in a private cloud of their choice, or using a hybrid between the two, benefitting from the security measures they already have in place as well as those implemented by their cloud provider.  Self-hosted solutions also allow customers to ensure they meet any compliance requirements on data storage and privacy. Read more about our encryption methodology for Pexip Infinity self-hosted services.

The Pexip Service leverages the best-in-class industry standards for communication encryption for meetings and end-user devices, ensuring that communication is secure and kept private. The service is operated and managed by Pexip using industry-leading facilities and includes multiple layers of security. These layers range from human and personnel security to compliance with relevant standards such as SOC2, SSAE16, and ISO 27001. Read more about our data and security compliance.

Visit www.pexip.com/security for more information and resources. 

 

 

The Pexip platform has been rigorously tested and certified

Beyond the application of our own secure development and testing practices, we have contracted with some of the most widely recognized third-party organizations to independently verify that our products conform to the most stringent requirements.  

U.S. Department of Defense (DoD) Joint Interoperability Test Command (JITC)

Pexip Infinity is a U.S. Department of Defense (DoD) Joint Interoperability Test Command (JITC) certified product.  The Pexip Infinity platform has been rigorously tested against cyber security and interoperability (IO) requirements to ensure the system not only protects the integrity of the networks on which it is installed but will fully interoperate with all other Unified Capabilities (UC) platforms already installed on customer networks.

Federal Information Processing Standard (FIPS) Publication 140-2

Pexip Infinity includes a FIPS 140-2 compliant encryption module. This allows public and private sector customers around the globe to reference a generally accepted process used to secure data within the Pexip Infinity platform. 

Health Insurance Portability and Accountability Act (HIPAA)

Use of the Pexip Cloud videoconferencing service in health care applications is fully compliant with the Health Insurance Portability and Accountability Act (HIPAA). HIPAA provides guidance and imposes strict obligations on the collection, storage, use, and disclosure of Protected Health Information (PHI) pertaining to patient medical information. Parties subject to HIPAA compliance requirements must process patient medical data in such a way as to restrict access to authorized persons and protect patient privacy. 

Pexip keeps your privacy and protects your data

The Pexip service is developed and operated by highly skilled engineers in Norway, the UK, the US, and Australia and strictly follows our ISO 27001 certified information security policies. We do our utmost to make sure your data is private, protected, secure, and compliant with all relevant privacy regulations such as General Data Protection Regulation (GDPR)/EU Regulation 2016/679. 

Pexip’s sole purpose is to provide a secure and reliable conference platform for business to business communication. Pexip does not, and will not, sell personal data to other organizations. We use it only to provide a better service to customers. We do not and will not ever sell or share your data with third parties for commercial reasons. We make every effort possible to keep your information private. Read more about our commitment to privacy.