| Html |
|---|
<div id="fb-root"></div>
<script>(function(d, s, id) {
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) return;
js = d.createElement(s); js.id = id;
js.src = 'https://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v2.11';
fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));</script> |
...
| Info |
|---|
This document provides information on built-in security features of the Wildix system, ISO compliance and GDPR. Updated: October 2020 Permalink: https://confluence.wildix.com/x/QgBuAQ |
Security is a top priority for Wildix and all the security features are built-in inside the product, which means the Wildix System is Secure By Design and security is not delegated to third party devices.
...
Vulnerabilities and questions about privacy must be communicated using the following email security@wildix.com, we have a Vulnerability Reward Program in place. The reward will depend on the importance of the problem found.
Reasons to contact us at security@wildix.com:
I’m experiencing a security problem with my Wildix account
I want to report a technical security bug in a Wildix product (WMS, Collaboration, WMP, Kite, Wizyconf, WP, iOS / Android Wildix apps)
I have a privacy doubt or a privacy-related question about Wildix products and services
...
Added an option to auto-delete CDR, chats / Kite chats, voicemails and call recordings in WMS Settings -> PBX -> Call and chat history after a period of time (WMS-4090; WMS-4084)
GDPR - Right to be forgotten
- Added the possibility to delete all contacts from the phonebook in WMS -> Users -> Phonebooks (WMS-3901)
GDPR - Right to be forgotten
...
| Questions | Answers |
|---|---|
What method is used to secure archive historic material and data? | Automatic backups configuration. Note: Consult WMS Start Guide for details. |
How the system is restored (either from backup or a rebuild from scratch) to a known working state? |
|
How do you secureagainst:
| Wildix advices to activate 5 years warranty. |
How the data is destroyed when no longer needed and what data retention periods areobserved? |
|
System Web Security
| Questions | Answers |
|---|---|
What data does the system store? | Chat history and calls stats inCDR-View. |
What User Generated Content does the system collect and/ or host? |
Note: Chat, calls or phonebooksmodification can be forbidden by ACLrules. |
Are users required to login? Is this login over a secure link? | Yes, users are required to login, login via HTTPS. |
What are other data transfers/ connections between users' browsers and the system? | Check the doc Ports used by Wildix services. |
From which solution stack does the system consist? | Check the doc Legal Notice PBX. |
What is your approach for identifying applicable security patches and applying the system? | Full security package with recurrent licences: Wildix Technical Support - Service Level Agreement. |
What processes do you have in place to minimise the risk of these issues according to OWASP list:
| The processes are present in Wildix Technical Support - Service Level Agreement. |
Are any vulnerability scanning or penetration testing carried out? | Penetration tests are performed yearly and security reports summaries are released on request after signing an NDA to existing customers. |
How have you ensured the data links to the web server are adequate for traffic volumes anticipated? Have you tested under anticipated load? |
|
| Html |
|---|
<div class="fb-like" data-href="https://confluence.wildix.com/x/QgBuAQ" data-layout="button_count" data-action="recommend" data-size="large" data-show-faces="true" data-share="true"></div> |
...