A financial services company is a lucrative target for hackers and other bad actors seeking to steal the personal and confidential information entrusted to you by your customers. That’s why we protect our platform using AWS security and are committed to securing data to the highest possible standard. This includes:
- Associating files, photos and videos with unique rooms, encrypted and stored on AWS S3 (AES algorithm and 256-bit keys).
- Encrypting data in transit using HTTPS with TLS v1.2.
- Encrypting video and audio communications using AES-128, using Elliptic Curve Cryptography (ECDHE_ECDSA algorithm) for key exchanges.
Liveoak leverages continuous integration, delivery, and deployment concepts to reduce development and deployment risk enabling us to quickly adapt to business requirements and user needs.
Liveoak proactively reduces risk by redacting sensitive information on a regular, scheduled basis based on customers requirements. The open extensible architecture can adopt SSO or other security requirements as needed. Liveoak uses tiered admin roles and each user is individually provisioned. Password settings are configurable with options to match each client’s specific business and regulatory requirements.
Certifications & Processes
Liveoak has successfully completed information security reviews at several Top 50 Global Financial institutions. Our platform and processes are Type II SOC 2 certified (formerly SAS 70) by the American Institute of CPAs (AICPA). The Type II SOC 2 is a third party audit that provides assurance to customers of service organizations that business practices meet Trust Principles and Criteria (TSP) standards: security, integrity, availability, confidentiality and privacy.
- Background checks for all prospective employees and suppliers
- Annual security training for all employees
- Training for engineers to ensure coding is done securely, with regular security audits
- Yearly reviews by third party auditors to ensure our systems and processes remain vigilant
Liveoak is HIPAA Rule Security Compliant. The Security Rule requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting electronic protected health information (e-PHI).