At Fuze, information security and the safeguarding of our customers data are at the forefront of our operational and development processes.

  • SOC 1
    SOC 1 (Type Ⅱ)
  • SOC 2
    SOC 2 (Type Ⅱ)
  • Fuze's ISMS is ISO27001 certified
  • HIPAA Health Insurance Portability and Accountability Act
    HIPAA Health Insurance Portability and Accountability Act
  • CSA Star
  • Veracode
  • ISAE 3402

In addition to annual required Information Security Training for all Fuze employees and contractors, Fuze:

  • Completes background

    Completes background checks on all Fuze employees and contractors.

  • Security Officer and team of Security Analysts

    Maintains a dedicated Security Officer and team of Security Analysts to provide oversight, auditing, and compliance activities.

  • <Strong physical security

    Relies on Tier III, audited, and certified data center providers with the highest levels of operational excellence to ensure strong physical security of all Fuze data center assets.

  • Maintins multiple levels of network security

    Implements and maintains multiple levels of network security, including firewalls, intrusion detection and prevention systems (IPS), and DDoS mitigation solutions.

  • >Routine internal audits

    Performs annual audit activities, through an independent firm, on all IT security and operational controls, ensuring SSAE18 SOC2 Type II and HIPAA compliance for all Fuze systems. Security controls are also audited against HITRUST framework to ensure compliance.

  • Scan assets

    Fuze's ISMS is ISO27001 certified

  • Scan assets

    Security team performs weekly internal vulnerability scans of all Fuze assets and meets with operations weekly to address all critical vulnerabilities in a timely manner.

  • Automated source code scanning

    Employs automated source-code scanning on a regular basis to minimize the risk of vulnerabilities that may be introduced early in the development/deployment lifecycle.

  • External security vendors

    Engages with external security vendors at least annually to perform advanced penetration testing on our network, servers, and applications.

  • Protect malicious access

    All Fuze employee computers utilize anti-virus software, regimented patch management, and full disk encryption software to further protect malicious access to corporate or customer data.

  • Prevent illegal robocalls

    Fuze implements a robocall mitigation program that helps to prevent illegal robocalls from originating on its network and prevents other carriers from blocking Fuze traffic while full STIR/SHAKEN technology implementation is underway.

Responsible Disclosure:

Fuze understands the important role that security researchers play in keeping our systems and software secure. In the event that you discover a vulnerability in a Fuze product, please review our guidelines below for responsible disclosure and contact us immediately at Fuze will respond to all inquiries within 24 hours, and will continue to follow up with the individual to inform them of estimated time to resolution, and again when the vulnerability has been addressed.

Responsible Disclosure Guidelines:

  • Please include a detailed description of the identified discovery with specific testing information and/or reproducible steps which outline the finding in detail.
  • Do not publish the details of the issue in any public or private forum.
  • Do not share the details of the vulnerability with others until Fuze has had the opportunity to resolve the vulnerability.
  • Your testing must not violate any law, or damage, delete, or corrupt any data which you do not own.
  • Please do not perform any activities which may negatively impact the Fuze platform and/or users, such as Brute Force or Denial of Service attacks.

The Fuze Security Commitment:

We ask that you do not share or publicize an unresolved vulnerability with/to third parties. If you responsibly submit a vulnerability report, the Fuze security team and associated development organizations will use reasonable efforts to:

  • Respond in a timely manner, acknowledging receipt of your vulnerability report
  • Provide an estimated time frame for addressing the vulnerability report
  • Notify you when the vulnerability has been fixed

We are happy to thank every individual researcher who submits a vulnerability report helping us improve our overall security posture at Fuze.