Compliance & Certifications

Our commitment to security, privacy, and regulatory compliance

Security & Compliance Overview

At Panel SMS, we take security and compliance seriously. Our platform is designed and operated in accordance with industry best practices and international standards to ensure the highest levels of security, privacy, and reliability for our customers.

Our Commitment: We maintain continuous compliance with international standards and regularly update our practices to meet evolving regulatory requirements.

Certifications & Standards

ISO/IEC 27001:2013 - Information Security Management

Our information security management system (ISMS) is certified to ISO 27001:2013 standards, demonstrating our commitment to protecting customer data through systematic risk management.


ISO/IEC 27018 - Cloud Privacy

We adhere to ISO/IEC 27018, the code of practice for protecting personally identifiable information (PII) in public clouds, in our role as a PII processor.

SOC 2 Type II

Our annual SOC 2 Type II audit validates our controls around security, availability, processing integrity, confidentiality, and privacy.


PCI DSS Compliance

Our payment processing systems comply with the Payment Card Industry Data Security Standard (PCI DSS) to ensure secure handling of payment information.


Regulatory Compliance

GDPR - General Data Protection Regulation

We are fully compliant with the EU General Data Protection Regulation (GDPR), including:

  • Data Processing Agreements (DPAs) available upon request
  • Rights to access, rectification, erasure, and data portability
  • Privacy by design and by default principles
  • Data breach notification procedures (within 72 hours)
  • Appointment of a Data Protection Officer (DPO)
  • Regular Data Protection Impact Assessments (DPIAs)

TCPA - Telephone Consumer Protection Act

Our platform supports TCPA compliance for US-based messaging, including opt-in/opt-out management and do-not-call list integration capabilities.

ePrivacy Directive (Cookie Law)

We comply with EU ePrivacy Directive requirements for electronic communications and cookie usage, providing transparent consent mechanisms.

CASL - Canadian Anti-Spam Legislation

Our services support CASL compliance for Canadian commercial electronic messages, including consent tracking and unsubscribe mechanisms.

Telecommunications Regulations

We maintain compliance with telecommunications regulations including:

  • EU Telecommunications Framework
  • FCC regulations (United States)
  • National regulatory authority requirements
  • GSMA best practices for SMS services

Security Measures

Data Encryption

  • In Transit: TLS 1.2+ encryption for all data transmission
  • At Rest: AES-256 encryption for stored data
  • Database: Encrypted database storage with key rotation
  • Backups: Encrypted backup storage with secure key management

Access Controls

  • Multi-factor authentication (MFA) for all user accounts
  • Role-based access control (RBAC)
  • Principle of least privilege
  • Regular access reviews and audits
  • Secure API key management

Network Security

  • Firewalls and intrusion detection/prevention systems (IDS/IPS)
  • DDoS protection and mitigation
  • Network segmentation and isolation
  • Virtual Private Networks (VPNs) for administrative access
  • Regular security scanning and vulnerability assessments

Application Security

  • Secure development lifecycle (SDL)
  • Regular code reviews and security testing
  • Automated vulnerability scanning
  • Annual penetration testing by third-party security experts
  • Bug bounty program for responsible disclosure

Infrastructure & Physical Security

Data Center Compliance

Our infrastructure is hosted in Tier III+ data centers with certifications including:

  • ISO 27001 certified facilities
  • SOC 2 Type II audited
  • Uptime Institute Tier III certification
  • 24/7 physical security and monitoring
  • Biometric access controls
  • Environmental controls and redundancy

Geographic Redundancy

  • Multi-region deployment for high availability
  • Automated failover capabilities
  • Geographically distributed backups
  • Data residency options for compliance requirements

Organizational Security

Security Training & Awareness

  • Mandatory security awareness training for all employees
  • Specialized training for development and operations teams
  • Regular phishing simulations and security drills
  • Security champions program

Vendor Management

  • Security assessments for all third-party vendors
  • Contractual security and privacy requirements
  • Regular vendor compliance reviews
  • Vendor risk management program

Incident Response

  • 24/7 security operations center (SOC)
  • Defined incident response procedures
  • Regular incident response drills and tabletop exercises
  • Breach notification procedures compliant with GDPR and other regulations

Audits & Monitoring

Regular Audits

  • Annual: ISO 27001 surveillance audits
  • Annual: SOC 2 Type II audits
  • Quarterly: Internal security audits
  • Quarterly: PCI DSS compliance scans
  • Annual: Third-party penetration testing

Continuous Monitoring

  • Real-time security event logging and analysis
  • Automated compliance monitoring
  • Performance and availability monitoring
  • Anomaly detection and alerting
  • Regular security metrics reporting

Documentation & Transparency

We provide comprehensive documentation to support your compliance needs:

  • Security Whitepaper: Detailed overview of our security architecture
  • Data Processing Agreement (DPA): GDPR-compliant DPA available
  • SOC 2 Reports: Available under NDA for enterprise customers
  • Compliance Questionnaires: Support for customer security assessments
  • Incident Reports: Transparent post-incident reporting

Need Compliance Documentation? Contact our compliance team at compliance@panelsms.com to request security documentation for your vendor assessment process.

Continuous Improvement

Security and compliance are ongoing commitments. We continuously improve our practices through:

  • Regular review and updates of security policies and procedures
  • Monitoring of emerging threats and vulnerabilities
  • Tracking of new regulatory requirements
  • Investment in security tools and technologies
  • Participation in security communities and information sharing
  • Customer feedback integration

Questions About Compliance?

Our compliance team is here to help with your security and regulatory questions.