At Deepgram, our employees and contractors all recognize that protecting company and client information is everyone's responsibility. One of the benefits of being a small organization is that new information, changes to policies or procedures, emerging potential external threats, and new tools can be communicated, implemented, and trained on quickly.
Physical Security Standards
Our servers are hosted on Microsoft Azure, which provides robust physical data security and environmental controls. We assess and test any environments where data may be transmitted or stored to ensure they meet our security standards.
We securely encrypt any sensitive or confidential information (including PHI and PCI data) that we store or transmit over an electronic communications network to guard against unauthorized access. Encryption technology renders data unusable, unreadable, and indecipherable to unauthorized individuals.
We use hardened systems, secured environments, and role-based access control to ensure that customer data is protected from unauthorized access. All access to our systems are tightly controlled, locked down, and we utilize two-factor authentication along with industry best practice encryption algorithms.
Our application servers are secured behind industry-standard firewalls with restricted ports. Passwords are encrypted in transit and stored hashed. We ensure that our internal network is maintained correctly with vulnerability and patch management. We scan our code for vulnerabilities before each release deployment into production.
Incident Response, Disaster Recovery & Business Continuity
We have well-defined incident response and disaster recovery policies. We perform daily backups. In the unlikely event that any unauthorized access is alerted through our monitoring tools, Deepgram staff will:
- Activate the Incident Response Plan and assemble response team members
- Immediately reset all relevant passwords and revoke relevant keys, if applicable to the situation.
- Notify Deepgram's Engineering, Product, and Customer Success teams
- Notify affected customers (if impacted) of the intrusion and if/how their data was compromised, and provide timely updates on progress.
- Conduct an assessment to identify the source of the breach and attain any necessary third-party to assist with forensics as required.
- Define system or process improvement tasks to avoid incidents in the future.
- Communicate affected customers (if impacted) of the improvement plan and update customers as improvements are deployed.
We maintain a business continuity plan that is tested and revised as necessary and at least annually.
Security, Privacy & Compliance
We provide on-going training for our employees for all information security policies and practices, and maintain disciplinary measures for violations of our policies and procedures. Additionally, our team maintains and follows a process for onboarding and offboarding, including providing only least-privilege access when deemed appropriate for job function, otherwise known as role-based access control.
We maintain HIPAA Compliance and are PCI Compliant; thus, we adhere to the requirements throughout the year, which includes a list of checks, obligations, and independent audits for verification.
If you have questions or comments regarding Deepgram's Information Security initiative, contact us.