
Data Security


Last updated 3 years ago

Overview

At Plum Voice, we take performance and security seriously. That is why we’re committed to continuously updating our products to ensure that you always have the best technology to work with. We also continually evaluate our platform to determine if it makes sense to expand our security portfolio and add new standards.

These periodic updates provide an opportunity to double-check security settings in your Plum apps. Plum’s platform is always PCI-DSS and HIPAA compliant, but it’s equally important for customers to ensure that the apps they build and manage on our platform are also compliant with these standards. Both the platform (our responsibility) and any apps (customer responsibility) need to be set up properly to ensure an end-to-end secure and compliant data transfer.

For more information about customer responsibility with regard to using Plum's platform, see Requirement 3 of the Customer Responsibility Matrix (PlumVoice-ResponsibilityMatrix.pdf).

Secure IVR Basics

Whitelisting IP Addresses

All data requests from Plum originate from static IP subnets. Customers that utilize whitelisting need to ensure that these IP subnets are whitelisted so that our requests can reach you.

Plum will also need to whitelist all IPs and/or fully-qualified domain names used by your application on our side in order to grant you access.

To get a list of whitelist IPs, or if you have questions about whitelisting, contact Plum Support.

Understanding Secure Data Flow

The data flow process originates when the caller inputs information. The data travels across the public switched telephone network and is captured by the IVR. After capturing this data and at some point before the call disconnects, the IVR establishes a connection to the customer’s database/payment processor/business logic, etc. through a secure HTTP web service.

Once that information is transmitted to the customer and the call ends, that caller’s information is deleted from the IVR application’s memory.

HTTPS

There are two important points to keep in mind about this data flow.

  1. Plum customers must have a secure HTTP connection (HTTPS) to ensure that a secure, encrypted connection exists between the two systems for the data transfer. Plum's firewalls will deny any non-HTTPS requests that come out of our PCI environment.

  2. Plum Voice does not, under any circumstance, save or store caller financial data. We only capture caller information and transmit it to customers.

Once a Plum IVR application hands off encrypted data to a customer, it is up to that customer to ensure that the remaining work flow on their end is PCI-compliant.
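The following is an added example, not Plum's code, of how a customer web service might enforce the two requirements above on its side: accept only HTTPS requests, and only from allowlisted source subnets. The subnets are constructed placeholders (the real list comes from Plum Support), and `TRUSTED_PROXIES` and the function names are hypothetical.

```python
import ipaddress

# Constructed placeholders (RFC 5737 documentation ranges). The real Plum
# subnets are not listed on this page; obtain them from Plum Support.
PLUM_SUBNETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]
# Hypothetical reverse proxy that terminates TLS in front of the application.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]


def _parse(addr):
    """Parse an address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr.strip())
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def _in_any(ip, networks):
    return any(ip.version == net.version and ip in net for net in networks)


def client_ip(peer_addr, forwarded_for=None):
    """Return the address to authorize.

    X-Forwarded-For is client-controlled unless the direct peer is our own
    proxy, so it is honored only in that case, and only its right-most entry
    (the one appended by the trusted proxy) is used.
    """
    peer = _parse(peer_addr)
    if forwarded_for and _in_any(peer, TRUSTED_PROXIES):
        return _parse(forwarded_for.split(",")[-1])
    return peer


def allow_request(scheme, peer_addr, forwarded_for=None):
    """Accept only HTTPS requests whose source lies in an allowlisted subnet."""
    if scheme.lower() != "https":
        return False, "rejected: not HTTPS"
    try:
        ip = client_ip(peer_addr, forwarded_for)
    except ValueError:
        return False, "rejected: unparseable address"
    if not _in_any(ip, PLUM_SUBNETS):
        return False, f"rejected: {ip} not in allowlist"
    return True, f"accepted: {ip}"
```

The same subnet list should also be applied at the network edge (firewall or load balancer); the application-level check is a second layer, not a replacement.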

Secure Phone Numbers

Customers cannot use Plum's PCI environment for testing or QA purposes.

IVR Security Guide

The following guide is primarily intended for Do It Yourself (DIY) customers, but the information is relevant to all secure applications.

Although this section tends to reference PCI-compliance, at Plum, PCI is commonly used as a catch-all term to refer to any customer security needs. The same protocols apply to customers who require HIPAA, SOC2, or any other security standard.

Customers should check with their own compliance auditors to ensure that they protect the correct data, regardless of which standard(s) they require.

Phone numbers connected to secure IVR applications require additional backend configuration. For more information, see Managing Secure Phone Numbers.

- 'Private' Tags: This covers how to set your application to securely collect caller information and how to use call logs to verify that your app is functioning properly.

- Managing Phone Numbers for Secure IVR Apps: This covers the differences between Secure and Non-Secure phone numbers and the limitations customers face with each.

- Sensitive Data Types: This provides information on the types of data that customers should mark as private.