Platform Security Overview

Encryption

N
SASBOSS web interfaces use SSL/TLS to ensure all communications with partners and customers is encrypted
N
Broadworks Web applications such as Receptionist Console operate over HTTPS
N
Encrypted call signalling protocol SIP-TLS is available for SIP Trunk products on demand
N
Instant messages, presence and desktop sharing are encrypted over SSL
N

Encrypted media is available for SIP Trunk products via sRTP protocol when SIP-TLS is enforced

N

Device Management Systems use HTTPS protocol to provision supported devices

N
Microsoft Teams calling interconnection is using MTLS to establish secure SIP communications while media is encrypted using sRTP
~

Physical Security

Access4 servers are hosted in highly secure Australian Datacentres: NextDC, Polaris and Equinix.

Datacentre security include:

N
Individual checks prior to authorisation
N
24/7 onsite security personnel
N
Biometric fingerprint security for data centre access
N
Extensive coverage by motion sensitive CCTV cameras

Network/Systems Security

N
SASBOSS web interfaces including PRC are protected by a cloud Web Application Firewall solution from Imperva
N
Access4 perimeter is protected by Juniper firewalls
N
Access4 uses market leader Ribbon Communications Core SBCs to protect its voice network configured in a highly secure way
N

SIP registration with username and password digest authentication is mandatory prior to making any call

N

Broadworks servers and SBCs are regularly patched or upgraded to address any security issues

N
SIP trunks are only allowed to connect from Australian based IP addresses unless otherwise requested when provisioned.

Identity management

N

All SASBOSS passwords are stored in the database in irreversible hashed form and cannot be recovered by Access4

N

Access4 enforces two-factor authentication for root and Partner level logins to SASBOSS. Customer level login 2FA is optional

N

SIP passwords pushed to end point configurations via ZTP and not handled by humans reducing risk of exposure

N

SIP passwords for SIP trunks or Generic SIP devices are only transmitted via encrypted channels

N

Automatic account lockouts are implemented based on multiple failed attempts

N

Auto generated passwords are available through SASBOSS for creating or changing account passwords

N

Access4 internal protocol for distributing credentials is through mixed mediums

N

Usernames segregated from passwords which are distributed via SMS

Fraud detection and protection

N
Different outbound calling profiles are available through SASBOSS to block variety of call types such as International per service or per group of services
N
Call Charge Monitoring feature is available to enforce a maximum amount at a retail price for international or all calls with automatic alerts with optional suspension of non-conforming enterprises

Data location

N
SASBOSS stores all the data in Australian data centres
N
All call related data is stored in Australian DCs except for NZ calls
N
NZ call related data is stored in AU and NZ DCs
N
Call recording data is stored in AWS cloud at SY-3 Equinix and is PCI compliant