We keep your data secure.
You rely on Mobile Assistant to protect your audio, transcriptions, financial account information, personal details, and more.
For the last 25 years, Mobile Assistant has leveraged technology in a way that connects clients to its U.S.-based, human, professional transcriptionists to help solve the problem of how to accurately capture and document client meeting interactions.
Mobile Assistant recognizes that cybersecurity is an integral part of its business as customers expect and demand that the data that they entrust to Mobile Assistant is adequately protected regardless of whether that data is audio (voice recordings), transcriptions, financial account information, personal details, or any other information.
Mobile Assistant employs a security program based on the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) 27001 standard (ISO/IEC 27001:2013). Additionally, Mobile Assistant conducts third-party-led, annual assessments to ensure that customers’ cybersecurity expectations are met and that cybersecurity risks are controlled to an exceptional level. Mobile Assistant also conducts annual penetration tests and quarterly vulnerability assessments of its systems.
A comprehensive security program protects all systems and data. All Mobile Assistant written information security policy documents are reviewed at least annually by a team consisting of members from the Mobile Assistant Security and Compliance Advisory Council (SCAC) and human resources departments. The SCAC conducts an annual risk assessment and reviews risk regularly.
The following policies govern the program:
We maintain our systems and data in Microsoft Azure and Amazon’s AWS. Azure and AWS offer multi-layered security provided across physical data centers, infrastructure, and operations with cybersecurity experts actively monitoring to protect business assets and data.
Four levels of data classification are used for client data. Sensitive data is encrypted in transit and at rest, and access to this data must be approved by the appropriate owner before being granted, and once provisioned, access is logged and monitored.
Access to client data is limited to those with business need-to-know, including third parties and customers. Third-party access to confidential information is granted only on a need-to-know basis and only provided if an appropriate confidentiality agreement or non-disclosure agreement is in place.
We have a documented Incident Response Plan that facilitates the consistent implementation of the procedures necessary to detect and react to information security incidents, determine their scope and risk, respond appropriately to the incident, mitigate the risks, communicate the results to all stakeholders, and reduce the likelihood of the incident from reoccurring.
BUSINESS CONTINUITY & DISASTER RECOVERY
Business continuity & disaster recovery plans are documented and provide SOPs (standard operating procedures) for common scenarios.
AWARENESS & EDUCATION
Employees and transcriptionists participate in security awareness training quarterly. The company also tracks and monitors security awareness campaigns for employees throughout the year.