1. Overview

ProtoVoice maintains SOC 2 Type II certification, demonstrating our commitment to the highest standards of security, availability, processing integrity, confidentiality, and privacy. Our certification is issued by an independent third-party auditor and covers our AI voice agent platform, infrastructure, and operational processes.

2. What is SOC 2?

SOC 2 (Service Organization Control 2) is an auditing framework developed by the American Institute of Certified Public Accountants (AICPA). It evaluates how service providers manage customer data based on five Trust Services Criteria. SOC 2 Type II specifically examines the operational effectiveness of these controls over a minimum period of six months, providing assurance that security practices are not just designed well but are consistently followed.

3. Trust Services Criteria

  • Security: Protection against unauthorized access, both physical and logical. We implement firewalls, intrusion detection, multi-factor authentication, and encryption.
  • Availability: Systems are operational and accessible as committed. We maintain a 99.9% uptime SLA with redundant infrastructure and disaster recovery.
  • Processing Integrity: System processing is complete, valid, accurate, timely, and authorized. Our AI agents process calls correctly and consistently.
  • Confidentiality: Information designated as confidential is protected. Customer data, call recordings, and business information are encrypted and access-controlled.
  • Privacy: Personal information is collected, used, retained, disclosed, and disposed of in accordance with our privacy commitments.

4. Audit Scope

  • ProtoVoice AI voice agent platform and APIs
  • Call processing and recording infrastructure
  • Customer dashboard and management interfaces
  • Data storage and backup systems
  • Employee access controls and authentication systems
  • Incident response and monitoring procedures
  • Vendor management and third-party integrations
  • Change management and deployment processes

5. Security Controls

  • Network Security: Firewalls, WAF, DDoS protection, and network segmentation isolate and protect customer data.
  • Access Management: Role-based access control (RBAC), multi-factor authentication (MFA), and the principle of least privilege.
  • Encryption: AES-256 encryption at rest, TLS 1.3 in transit, and secure key management using HSMs.
  • Monitoring: 24/7 security monitoring, SIEM integration, and automated alerting for anomalies.
  • Vulnerability Management: Regular vulnerability scanning, penetration testing, and timely patching.
  • Endpoint Security: All employee devices have endpoint detection and response (EDR) solutions.

6. Availability Controls

  • Multi-Region Deployment: Infrastructure spans multiple geographic regions for redundancy.
  • Auto-Scaling: Systems automatically scale to handle traffic spikes without degradation.
  • Load Balancing: Traffic is distributed across multiple servers to prevent single points of failure.
  • Disaster Recovery: Documented DR procedures with regular testing and sub-4-hour RTO.
  • Backup Systems: Automated daily backups with point-in-time recovery capabilities.
  • Uptime Monitoring: Real-time monitoring with automated failover and incident response.

7. Operational Controls

  • Change Management: All changes go through documented review, testing, and approval processes.
  • Incident Response: Defined procedures for identifying, responding to, and recovering from incidents.
  • Business Continuity: Documented plans ensuring critical operations continue during disruptions.
  • Employee Training: Regular security awareness training for all employees.
  • Background Checks: Pre-employment screening for employees with access to customer data.
  • Vendor Management: Third-party vendors are assessed for security and compliance.

8. Continuous Monitoring

SOC 2 Type II certification requires ongoing compliance, not just a point-in-time assessment. ProtoVoice maintains continuous monitoring through automated compliance tools, regular internal audits, and annual third-party assessments. Our security team reviews controls monthly and addresses any identified gaps immediately.

9. Requesting Audit Reports

SOC 2 Type II audit reports are available to customers and prospective customers under a Non-Disclosure Agreement (NDA). These reports provide detailed information about our control environment, test procedures, and results. To request a copy of our latest SOC 2 Type II report, contact our security team at compliance@protovoice.ai.

10. Complementary Certifications

  • HIPAA Compliance: For healthcare customers handling Protected Health Information.
  • PCI DSS: Secure payment processing through certified partners.
  • GDPR Compliance: Data protection for European customers.
  • CCPA Compliance: California consumer privacy rights.

11. Contact Security Team

For questions about our SOC 2 certification, to request audit reports, or to discuss your security requirements, contact our Security Team at compliance@protovoice.ai or write to: ProtoVoice, Inc., Attn: Security & Compliance, 7975 N Hayden Rd STE A210, Scottsdale, Arizona 85258.
