Information Security Overview

Last Updated Date: June 27, 2023

SonoSim Inc. (“SonoSim”, “we”, “our”, “us”) is committed to protecting the confidentiality, integrity, availability and security of all of its information systems and assets against new and existing cybersecurity threats. SonoSim and its management team expect all employees and users with access to SonoSim’s infrastructure and systems to continuously improve and maintain the security of assets and customer data to the best of their abilities. This includes following a rigorous software development process and change management process, and maintaining a detailed incident response and disaster recovery plan.

Physical Security of SonoSim Information Systems

SonoSim servers are hosted on Amazon Web Services (AWS). AWS data centers are designed with security in mind. AWS is ISO 27001 and FedRAMP/FISMA certified and can provide reports for SOC 1, 2, and 3. AWS grants physical data center access only to approved employees. All employees who need data center access must first apply for access and provide a valid business justification. Once access is granted, individuals are restricted to the areas specified in their permissions. AWS strictly controls access both at the perimeter and at building ingress points, using professional security staff together with CCTV systems and intrusion detection.

To learn more about AWS physical security controls, visit:

https://aws.amazon.com/compliance/data-center/controls/

Network Security

SonoSim systems communicate using HTTPS and TLS to secure data in transit. Network access is designed around a least-privilege methodology, following industry best practices. All access is logged and retained for a minimum of 90 days. Server access is granted only to a selected group of SonoSim employees based on roles or business needs, and access to servers is monitored.

Authentication

SonoSim has partnered with Auth0 for identity and access management. Auth0 is ISO 27001, SOC 2 Type II, ISO 27018, HIPAA BAA, Gold CSA STAR, and GDPR compliant. Auth0 provides a state-of-the-art authentication security approach. Authentication is performed only over secure HTTPS connections, credentials are run through the bcrypt algorithm to securely salt and hash passwords, and AES-256 encryption is applied to all customer data stored at rest. Brute-force protection, suspicious-IP throttling, breached-password detection and bot detection are enabled to further secure SonoSim’s member accounts.

SonoSim Members can enable Multi-Factor Authentication (MFA) for an added layer of account security. SonoSim web applications support the use of authenticator apps with One-Time Passcodes (OTP).

Development Practices

SonoSim product development teams utilize security best practices throughout the software development life cycle. SonoSim managed systems are kept up to date with the latest security patches and monitored for suspicious activity and potential impacts to availability. Development teams have well-established practices to quickly and easily deploy software changes and improvements with minimal downtime. Software applications are periodically reviewed and scanned for security vulnerabilities by internal teams and automated processes. An external team of software security experts performs a cybersecurity audit of SonoSim’s information systems, applications, and services annually.

Data Security & Privacy

SonoSim is committed to safeguarding the privacy of its customers and the personal information entrusted to it. Data is encrypted in transit using HTTPS and TLS 1.2. Data is encrypted at rest using AES-256.

See SonoSim’s privacy policy in its entirety at https://sonosim.com/privacy-policy

See SonoSim’s End User Agreement at https://sonosim.com/end-user-agreement

See SonoSim’s Terms of Service at https://sonosim.com/terms-of-service