Selecting a service provider today is getting more complicated. In addition to selecting a great product with excellent support and high availability, you also need to work with your legal, security, and privacy teams to ensure the data being shared is secured and managed consistent with requirements and applicable regulations. Whitepages Pro is committed to doing all of the above, which is why we underwent our first SOC 2 Type II audit in 2018 and why we were assessed across Security, Confidentiality, Availability, and Privacy – a much higher bar than our competitors.
Here are some of the changes we’ve implemented over the last year:
Whitepages Security Information and Event Management (SIEM) system takes logging events from its service and corporate environments across application, system, network, and database levels and provides the platform for analysis and alerting.
Whitepages SIEM is monitored 24/7 by a Managed Security Service Provider (MSSP). We’ve chosen one that’s a PCI Qualified Security Assessor company, and they provide round the clock review and escalation of SIEM events.
Role-Specific Security Training
Every engineer and IT professional at Whitepages undergoes role-specific security training at hire, and annually thereafter. For example, web developers take OWASP Top 10 and securing web applications training while infrastructure engineers take courses on securing AWS infrastructure and ethical hacking.
Security and Privacy Design Reviews
Whitepages abides by a formal Software Development Life Cycle (SDLC), which includes security and privacy reviews of every design specification.
In addition to user credentials, Whitepages VPN requires two separate things you have: 1) an expiring six-digit token, rotating every 30 seconds, 2) a certificate issued to the specific user attempting to login, and only issued directly to Whitepages owned and managed devices.
Web Application and Network Vulnerability Management
Whitepages continuously monitors its systems and networks for vulnerabilities through its SIEM and dedicated vulnerability scanners.
Third-Party Penetration Testing
Whitepages Pro undergoes annual third-party penetration testing for both web applications and network endpoints. Both reports are available to prospect customers upon request.
Third-Party Risk Assessment
Provided by a third-party PCI QSA, Whitepages undergoes an annual enterprise-wide risk assessment. These reports provide the basis for our security program improvements, and the results are continuously tracked through a security risk register.
The controls and processes above are just some highlights of our security and privacy programs. As a testament to their extent and maturity, we’re currently working with more than a quarter of the Fortune 100 and pass their third-party risk audit year after year. For more details on our programs, please visit our security page or contact us to receive our compliance package.