Compliance - SMS Platform

Security & Compliance Overview

At Panel SMS, we take security and compliance seriously. Our platform is designed and operated in accordance with industry best practices and international standards to ensure the highest levels of security, privacy, and reliability for our customers.

Our Commitment: We maintain continuous compliance with international standards and regularly update our practices to meet evolving regulatory requirements.

Certifications & Standards

ISO/IEC 27001:2022 - Information Security Management

Our information security management system (ISMS) is certified to ISO/IEC 27001:2022 standards, demonstrating our commitment to protecting customer data through systematic risk management, continuous improvement, and adherence to international security best practices.

ISO/IEC 27001:2022 Certified

ISO 9001:2015 - Quality Management System

We maintain ISO 9001:2015 certification for our Quality Management System, ensuring consistent delivery of high-quality SMS services and continuous improvement in all our processes and operations.

ISO 9001:2015 Certified

Regulatory Compliance

GDPR - General Data Protection Regulation

We are fully compliant with the EU General Data Protection Regulation (GDPR), including:

Data Processing Agreements (DPAs) available upon request
Rights to access, rectification, erasure, and data portability
Privacy by design and by default principles
Data breach notification procedures (within 72 hours)
Appointment of a Data Protection Officer (DPO)
Regular Data Protection Impact Assessments (DPIAs)

TCPA - Telephone Consumer Protection Act

Our platform supports TCPA compliance for US-based messaging, including opt-in/opt-out management and do-not-call list integration capabilities.

ePrivacy Directive (Cookie Law)

We comply with EU ePrivacy Directive requirements for electronic communications and cookie usage, providing transparent consent mechanisms.

CASL - Canadian Anti-Spam Legislation

Our services support CASL compliance for Canadian commercial electronic messages, including consent tracking and unsubscribe mechanisms.

Telecommunications Regulations

We maintain compliance with telecommunications regulations including:

EU Telecommunications Framework
FCC regulations (United States)
National regulatory authority requirements
GSMA best practices for SMS services

Security Measures

Data Encryption

In Transit: TLS 1.2+ encryption for all data transmission
At Rest: AES-256 encryption for stored data
Database: Encrypted database storage with key rotation
Backups: Encrypted backup storage with secure key management

Access Controls

Multi-factor authentication (MFA) for all user accounts
Role-based access control (RBAC)
Principle of least privilege
Regular access reviews and audits
Secure API key management

Network Security

Firewalls and intrusion detection/prevention systems (IDS/IPS)
DDoS protection and mitigation
Network segmentation and isolation
Virtual Private Networks (VPNs) for administrative access
Regular security scanning and vulnerability assessments

Application Security

Secure development lifecycle (SDL)
Regular code reviews and security testing
Automated vulnerability scanning
Annual penetration testing by third-party security experts
Bug bounty program for responsible disclosure

Infrastructure & Physical Security

Data Center Compliance

Our infrastructure is hosted in Tier III+ data centers with certifications including:

ISO 27001 certified facilities
SOC 2 Type II audited
Uptime Institute Tier III certification
24/7 physical security and monitoring
Biometric access controls
Environmental controls and redundancy

Geographic Redundancy

Multi-region deployment for high availability
Automated failover capabilities
Geographically distributed backups
Data residency options for compliance requirements

Organizational Security

Security Training & Awareness

Mandatory security awareness training for all employees
Specialized training for development and operations teams
Regular phishing simulations and security drills
Security champions program

Vendor Management

Security assessments for all third-party vendors
Contractual security and privacy requirements
Regular vendor compliance reviews
Vendor risk management program

Incident Response

24/7 security operations center (SOC)
Defined incident response procedures
Regular incident response drills and tabletop exercises
Breach notification procedures compliant with GDPR and other regulations

Audits & Monitoring

Regular Audits

Annual: ISO 27001 surveillance audits
Annual: SOC 2 Type II audits
Quarterly: Internal security audits
Quarterly: PCI DSS compliance scans
Annual: Third-party penetration testing

Continuous Monitoring

Real-time security event logging and analysis
Automated compliance monitoring
Performance and availability monitoring
Anomaly detection and alerting
Regular security metrics reporting

Documentation & Transparency

We provide comprehensive documentation to support your compliance needs:

Security Whitepaper: Detailed overview of our security architecture
Data Processing Agreement (DPA): GDPR-compliant DPA available
SOC 2 Reports: Available under NDA for enterprise customers
Compliance Questionnaires: Support for customer security assessments
Incident Reports: Transparent post-incident reporting

Need Compliance Documentation? Contact our compliance team at compliance@nvia.com to request security documentation for your vendor assessment process.

Continuous Improvement

Security and compliance are ongoing commitments. We continuously improve our practices through:

Regular review and updates of security policies and procedures
Monitoring of emerging threats and vulnerabilities
Tracking of new regulatory requirements
Investment in security tools and technologies
Participation in security communities and information sharing
Customer feedback integration

Questions About Compliance?

Our compliance team is here to help with your security and regulatory questions.

Email Compliance Team Contact Us

Compliance & Certifications