Keep Your Conversations Secure

Chorus Security, Best Practices, and Certifications.

Enterprise-Level Security Standards. For Everyone.

At Chorus, we take security very seriously. Customer conversations are one of the most valuable assets for a business and need to be treated with utmost care. This was one of the reasons Chorus built all its technology in house instead of outsourcing or whitelabling elements like transcription to smaller partners whose stack could be more vulnerable to breaches.

Chorus hosts its software on Amazon Web Services (AWS) and leverages Amazon facilities in the USA. Amazon provides an extensive list of compliance and regulatory assurances, including SOC 2, Type 2 and ISO 27001. See Amazon's compliance and security documents for more detailed information.

Also all of Chorus’s servers are located within Chorus’s own virtual private cloud, and do not allow external connections from untrusted sources. Our software infrastructure is updated regularly with the latest security patches.

The Highest Standard of Compliance

SOC2 TYPE2

Chorus undergoes a SOC 2 Type 2 examination of our security controls against the AICPA defined standards on an annual basis with a third-party audit firm, Ernst & Young Global Limited, to ensure the security of our platform and its supporting infrastructure.

GDPR READINESS

Chorus is committed to ensuring ongoing compliance with the General Data Protection Regulation (GDPR). With Chorus’s GDPR-compliant flows you ensure that any meeting attendee is made completely aware of call recording and they also provide their explicit consent for it.

PRIVACY SHIELD

Chorus complies with the EU-U.S. and Swiss-U.S. Privacy Shield Framework. This ensures that Chorus maintains the highest standards in data protection when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.

Trust data security

Data Security

When you become a Chorus customer, all your data is treated with the highest security standards. Any data as well as any connections you make while accessing Chorus are completely secure.

  • Recordings, transcripts, and analytics are encrypted in transit with either TLS or HTTPS
  • All connections with the Chorus app are encrypted using SSL
  • Any attempt to connect over HTTP is redirected to HTTPS
  • Sensitive data such as deploy keys for source control tools are encrypted at rest
  • Encryption key management is secured using a combination of Amazon Key Management Services (KMS) and Hashicorp Vault
Trust application security

Application Security

Chorus develops its application by following security best practices like OWASP for Python. All Chorus employees undergo continuous education and training on secure product development, testing, and deployment practices.

  • Support multiple Single Sign-On (SSO) providers, via OAuth2 and SAML, such as Salesforce, Google, Microsoft, and Okta
  • Where SSO is not an option, Chorus login requires strong passwords
  • User passwords are salted, irreversibly hashed, and stored in Chorus’s database
  • We actively manage access to all protected information assets and system changes
  • Least privilege and segregation of duties used to determine access
  • Internal penetration testing performed at least once each quarter, and external third-party testing at least once a year
Trust development process

Secure Development Process

At Chorus, code development is done through a documented SDLC process which includes guidance on how code is tested, reviewed, and promoted to production. We use a foolproof process across the entire lifecycle which includes:

  • Code peer reviews before it is committed to the master code branch of the Chorus application
  • Functional and unit testing using automated tools that are efficient and secure
  • Automatic Static and Dynamic Application Security Testing, License Management Testing, and Dependency Scanning as part of the Continuous Integration pipeline
Trust corporate security

Corporate Security Standards

Security isn’t just about proofing one’s technology and infrastructure. It’s also about human behavior. Chorus takes multiple steps to ensure that elaborate security policies are maintained, communicated, and followed across the board — by employees and partners.

  • New contractors and employees are required to pass a background check and sign confidentiality agreements
  • Chorus new-hires complete security training as part of the entry into the organization
  • Employees receive routine security awareness training and confirm adherence to Company security policies
  • Employees are reminded of security best practices through informal and formal communications
  • Chorus’ vendor management program ensures that third-parties comply with an expected level of security controls

Are You Ready to Experience Chorus?

Start driving tangible performance improvements in your Revenue Org today.