The following provides information on the Number Manager platform including network overview, data locations, data protection, monitoring and risk mitigation.

Platform Security – Number Manager

We use established systems and procedures to avoid security breaches and ensure recovery. Any data provided for processing is delivered and stored at designated locations with access restricted to authorised personnel.

Data locations

• Amazon S3 for service audio, call recordings, media and database backups and branding

• Amazon RDS for database information

• Amazon EC2 instances running MySQL Server

• Geo redundant Data Centres hold intermediary information which is then shipped to Amazon SQS for processing via processing servers.

For example : CDR data, call recordings, faxes etc.

• Geo redundant Data Centres hold a replica of the main Number Manager call control databases for resiliency, replication is conducted over a VPN for security.

Data Protection

In order to protect customer information, we have in place the following methods of protection:

• Policy based access control

• Domain Controller Policy for any restriction

• Logging mechanism on the Policy Servers for auditing

• Secure Sockets Layer Virtual Private Network Implementation

• Monitored Firewall protection

• Malware protection on all platforms

• Encryption on data at rest and at point of use

• Ongoing backups

• Auditing for data integrity on an ongoing basis

• Information Backups

• We retain backups for a maximum of one year. Upon receiving a request to remove data, this will be completed by removing all reference and data from the production environment. The full deletion of this data will be achieved after the retention period stated above has been reached.

Network

AWS servers are mostly in a single VPC with high grade security. All servers are geographically redundant and with full redundancy at each data centre.

Access to Aurora servers is conducted over SSH and only accessible from white-listed addresses from the AWS VPN. Access to AWS servers is also conducted over SSH.

User access to the AWS account is done using IAM roles with each user having 2FA enabled to access the AWS console. DOS and DDOS protection

Services are protected from DOS attacks by controlling and monitoring throughput and load on connections and processes. DDOS protection is implemented on the ISP level to avoid link saturation as a result of large scale DDOS attack.

Risk Mitigation

Cloud Formation AWS automation, for new instance creation. Servers are rebuilt on every new deployment, so the latest components are provided on each release greatly mitigating risk. Data Centres hold a replica of the main Number Manager call control databases for resiliency. Backups are performed daily.

Replication is conducted over a VPN for security. Number Manager call control platform has a high level of security with no public access, however, we still mitigate risk by having offsite backups and would resolve by the same methods as Number Manager. Server automation to destroy and rebuild. AWS servers if hacked would not affect call traffic.

Response in the case of Incidents

Incidents reported by platform users and partners are examined by support team and, when severity requires, immediately escalated to Security and System and Network Administration teams, to person on duty.

Monitoring and System Audit Logs

Network monitoring is in place to ensure voice network availability with each SBC and media server receiving a test call every 60 seconds 24x7x365 and generating alerts if any network failures are detected.

Telcode makes logs of the following events:

• Login Attempts (successful or not)

• Access to web portal components