Join any meeting from Microsoft Teams Rooms. Available now

Pexip's approach to security and privacy

pexips-approach-to-security-hero-herader

The key ingredients to build and maintain a solid foundation of trust with our clients

 

1. Establish the right corporate culture

 

Our corporate culture is built on a strong sense of responsibility to ensure the privacy and security of our customers. This means that we respect the trust that we are given and even invite customers to audit their own data, as well as Pexip’s privacy and security practices. As a vendor, we see ourselves as an extended arm of your company, tasked to deliver a collaboration solution that is both high quality and secure.

 

2. Build the right solutions

 

All clients have high expectations when it comes to privacy and security, but some have a bit higher than others, such as healthcare, finance, and government, where regulations are typically more stringent. This demands greater choice in solutions, to meet the individual needs of companies. Pexip can be deployed in any way that suits your organization’s technology and infrastructure requirements.

Security-first enterprise solutions

We offer security-first, enterprise-grade video conferencing solutions using industry-standard encryption and security protocols to maintain privacy and security.

Pexip Infinity, self-hosted

Pexip Infinity supports the industry standards for communication encryption for end-user devices, ensuring that communication is secure and kept private even if it crosses the internet. Customers can run the entire meeting platform on-premises, in a private cloud of their choice, or using a hybrid between the two, benefitting from the security measures they already have in place as well as those implemented by their cloud provider.  Self-hosted solutions also allow customers to ensure they meet any compliance requirements on data storage and privacy. 

 

Read more about our encryption methodology for Pexip Infinity self-hosted services.

Pexip Service, as a service

Pexip Service leverages the best-in-class industry standards for communication encryption for meetings and end-user devices, ensuring that communication is secure and kept private. The service is operated and managed by Pexip using industry-leading facilities and includes multiple layers of security. These layers range from human and personnel security to compliance with relevant standards such as SOC2, SSAE16, and ISO 27001. 

 

Read more about our data and security compliance.

Committed to upholding high standards of information security, privacy and transparency

Compliance and certifications of the Pexip solution include:

  • GDPR (EU Regulation 2016/679) compliance
  • ISO/IEC 27001:2013, ISO/IEC 27017:2015, ISO/IEC 27018:2019, and ISO/IEC 27701:2019 certification
  • DISA certification
  • Federal Information Processing Standard (FIPS) Publication 140-2 compliance
  • Enabling Health Insurance Portability and Accountability Act (HIPAA) compliance
  • SOC2/SSAE16 compliant data centers
security certifications diagram

Pexip has been rigorously tested and certified

 

Beyond the application of our own secure development and testing practices, we have contracted with some of the most widely recognized third-party organizations to independently verify that our products conform to the most stringent requirements.  

 

 

Federal Information Processing Standard (FIPS) Publication 140-2

 

Pexip Infinity includes a FIPS 140-2 compliant encryption module. This allows public and private sector customers around the globe to reference a generally accepted process used to secure data within the Pexip Infinity platform. 

 

 

The Defense Information Systems Agency (DISA) certification

 

Pexip Infinity is a U.S. Department of Defense Information Network (DoDIN) Approved Products List (APL) certified product. The DoDIN APL process is maintained by The Defense Information Systems Agency (DISA), and managed by the Approved Products Certification Office (APCO) and provides a single, consolidated list of collaboration and communication products that have met cybersecurity and operation certification requirements. The Pexip Infinity platform has been rigorously tested against these requirements.

 

 

Enabling Health Insurance Portability and Accountability Act (HIPAA) compliance

 

Use of the Pexip Cloud videoconferencing service in healthcare applications enables full compliance with the Health Insurance Portability and Accountability Act (HIPAA). HIPAA provides guidance and imposes strict obligations on the collection, storage, use, and disclosure of Protected Health Information (PHI) pertaining to patient medical information. Parties subject to HIPAA compliance requirements must process patient medical data in such a way as to restrict access to authorized persons and protect patient privacy. 

 

 

Pexip keeps your privacy and protects your data

 

The Pexip service is developed and operated by highly skilled engineers in Norway, the UK, the US, and Australia and strictly follows our ISO 27001 certified information security policies. We do our utmost to make sure your data is private, protected, secure, and compliant with all relevant privacy regulations such as General Data Protection Regulation (GDPR)/EU Regulation 2016/679. 

 

Pexip’s sole purpose is to provide a secure and reliable conference platform for business to business communication. Pexip does not, and will not, sell personal data to other organizations. We use it only to provide a better service to customers. We do not and will not ever sell or share your data with third parties for commercial reasons. We make every effort possible to keep your information private. Read more about our commitment to privacy.