Skip to content

Security and privacy with Pexip

At Pexip, trust is core to what we do. We know that unless you can trust us to handle privacy and security in a good way, our business is foundationless.

Every day, we work with large and complex organizations, handling their sensitive data at unprecedented rates.

We have learned that there are two key ingredients necessary to build and maintain a solid foundation of trust with our clients.
  1. Establish the right corporate culture

Our corporate culture is built on a strong sense of responsibility to ensure the privacy and security of our customers. This means that we respect the trust that we are given and even invite customers to audit their own data, as well as Pexip’s privacy and security practices. As a vendor, we see ourselves as an extended arm of your company, tasked to deliver a collaboration solution that is both high quality and secure. 

  1. Build the right solutions

All clients have high expectations when it comes to privacy and security, but some have a bit higher than others, such as healthcare, finance, and government, where regulations are typically more stringent. This demands greater choice in solutions, to meet the individual needs of companies. Pexip can be deployed in any way that suits your organization’s technology and infrastructure requirements.

 

Pexip is committed to upholding high standards of information security, privacy and transparency for its customers, partners and employees.

We offer security-first, enterprise-grade video conferencing solutions using industry-standard encryption and security protocols to maintain privacy and security. Compliance and certifications of the Pexip solution include:

  • GDPR (EU Regulation 2016/679) compliance 
  • ISO/IEC 27001:2013 certification 
  • DISA certification
  • Federal Information Processing Standard (FIPS) Publication 140-2 compliance
  • Enabling Health Insurance Portability and Accountability Act (HIPAA) compliance
  • SOC2/SSAE16 compliant data centers

 

Our Pexip Information Security Management System (ISMS) is developed and maintained according to the ISO/IEC 27001:2013 standard and audited by DNV. This means:

  • Pexip has formalized internal information security best practices and implemented the practices from the ISO/IEC 27001:2103 standard. 
  • Pexip has formalised a management review of the information security management system and its performance.
  • Pexip meets the requirements of relevant regulatory, contractual, and other legal obligations.
  • Pexip is committed to meeting regulatory compliance with international laws and demonstrates worldwide recognition of excellence by employing an international framework with specific codes of practice.
  • We are committed to proactively testing both our software solution and service to ensure they do not introduce any attack vectors to our customers’ networks.

 

Security-first enterprise solutions

The Pexip Infinity self-hosted solution supports the industry standards for communication encryption for end-user devices, ensuring that communication is secure and kept private even if it crosses the internet. Customers can run the entire meeting platform on-premises, in a private cloud of their choice, or using a hybrid between the two, benefitting from the security measures they already have in place as well as those implemented by their cloud provider.  Self-hosted solutions also allow customers to ensure they meet any compliance requirements on data storage and privacy. Read more about our encryption methodology for Pexip Infinity self-hosted services.

The Pexip Service leverages the best-in-class industry standards for communication encryption for meetings and end-user devices, ensuring that communication is secure and kept private. The service is operated and managed by Pexip using industry-leading facilities and includes multiple layers of security. These layers range from human and personnel security to compliance with relevant standards such as SOC2, SSAE16, and ISO 27001. Read more about our data and security compliance.

Visit www.pexip.com/security for more information and resources. 

 

 

The Pexip platform has been rigorously tested and certified

Beyond the application of our own secure development and testing practices, we have contracted with some of the most widely recognized third-party organizations to independently verify that our products conform to the most stringent requirements.  

Federal Information Processing Standard (FIPS) Publication 140-2

Pexip Infinity includes a FIPS 140-2 compliant encryption module. This allows public and private sector customers around the globe to reference a generally accepted process used to secure data within the Pexip Infinity platform. 

The Defense Information Systems Agency (DISA) certification

Pexip Infinity is a U.S. Department of Defense Information Network (DoDIN) Approved Products List (APL) certified product. The DoDIN APL process is maintained by The Defense Information Systems Agency (DISA), and managed by the Approved Products Certification Office (APCO) and provides a single, consolidated list of collaboration and communication products that have met cybersecurity and operation certification requirements. The Pexip Infinity platform has been rigorously tested against these requirements.

Enabling Health Insurance Portability and Accountability Act (HIPAA) compliance

Use of the Pexip Cloud videoconferencing service in healthcare applications enables full compliance with the Health Insurance Portability and Accountability Act (HIPAA). HIPAA provides guidance and imposes strict obligations on the collection, storage, use, and disclosure of Protected Health Information (PHI) pertaining to patient medical information. Parties subject to HIPAA compliance requirements must process patient medical data in such a way as to restrict access to authorized persons and protect patient privacy. 

Pexip keeps your privacy and protects your data

The Pexip service is developed and operated by highly skilled engineers in Norway, the UK, the US, and Australia and strictly follows our ISO 27001 certified information security policies. We do our utmost to make sure your data is private, protected, secure, and compliant with all relevant privacy regulations such as General Data Protection Regulation (GDPR)/EU Regulation 2016/679. 

Pexip’s sole purpose is to provide a secure and reliable conference platform for business to business communication. Pexip does not, and will not, sell personal data to other organizations. We use it only to provide a better service to customers. We do not and will not ever sell or share your data with third parties for commercial reasons. We make every effort possible to keep your information private. Read more about our commitment to privacy.