Security

Keep Your Sales Conversations Secure

Chorus Security Standards, Best Practices, and Certifications

Enterprise-Level Security Standards. For Everyone.

We take security very seriously. Customer conversations are one of the most valuable assets for a business and must be treated with the utmost care. Chorus doesn't outsource or white-label any technology, so your data isn't vulnerable to third-party breaches. We are also SOC 2 compliant (audited by Ernst & Young).

Chorus hosts its software on Amazon Web Services (AWS) and leverages Amazon facilities in the USA. Amazon provides an extensive list of compliance and regulatory assurances, including SOC 3 and ISO 27001. See Amazon's compliance and security documents for more detailed information.

All of Chorus’ servers are located within Chorus’ own virtual private cloud, and do not allow external connections from untrusted sources. Our software infrastructure is updated regularly with the latest security patches.

Data Security

Your data is treated with the highest security standards. Any data, as well as any connections you make while accessing Chorus, are completely secure.

  • Recordings, transcripts, and analytics are encrypted in transit with HTTPS over TLS
  • All connections with the Chorus app are encrypted using TLS
  • Any attempt to connect over HTTP is redirected to HTTPS
  • Sensitive data such as deploy keys for source control tools are encrypted at rest
  • Encryption key management is secured using a combination of Amazon Key Management Services (KMS) and HashiCorp Vault

Application Security

Chorus develops its application by following security best practices like OWASP guidelines for secure web application development.

  • Everyone is trained on the Hunter2 Secure Coding platform
  • Support for multiple Single Sign-On (SSO) providers, via OAuth2 and SAML, such as Salesforce, Google, Microsoft, and Okta
  • Where SSO is not an option, Chorus login requires strong passwords
  • User passwords are salted, irreversibly hashed, and stored in Chorus’ database
  • We actively manage access to all protected information assets and system changes
  • Least privilege and segregation of duties are used to determine access
  • Internal penetration testing performed at least once each quarter, and external third-party testing at least once a year

Secure Development Process

At Chorus, code development is done through a documented SDLC process which includes guidance on how code is tested, reviewed, and promoted to production. We use a foolproof process across the entire lifecycle which includes:

  • Peer review of code before it is committed to the master code branch of the Chorus application
  • Functional and unit testing using automated tools that are efficient and secure
  • Automatic Static and Dynamic Application Security Testing, License Management Testing, and Dependency Scanning as part of the Continuous Integration pipeline

Corporate Security Standards

Security isn’t just about proofing one’s technology and infrastructure. It’s also about human behavior. Chorus takes multiple steps to ensure that elaborate security policies are maintained, communicated, and followed across the board — by employees and partners.

  • New contractors and employees are required to pass a background check and sign confidentiality agreements
  • Chorus new-hires complete security training as part of the entry into the organization
  • Employees receive routine security awareness training and confirm adherence to Company security policies
  • Employees are reminded of security best practices through informal and formal communications
  • Chorus’ vendor management program ensures that third parties comply with an expected level of security controls