Varolii Raises Security Standard for its SaaS-Based Communications


Share on LinkedIn

Varolii Corporation, the market and technology leader in proactive outbound communications, has raised the security standard for SaaS-based communication platforms. Basing its security program on the ISO 27000 Series, Varolii has become PCI Level 1 and NIST certified, and its data centers are SAS-70 Type II certified. The company’s five-layered security program protects client data and securely delivers interactive communications on behalf of Fortune 1000 companies to their customers and employees. Varolii works with more than $400 billion in customer accounts and sends more than 1 billion personalized messages annually.

Varolii Exceeds the Most Stringent Independent Security Certifications

Varolii’s security is based on the ISO 27000 Series—an internationally recognized standard which outlines best practices for information security management, risks and controls for all enterprise data, rather than just a particular subset governed by specific regulations. An ISO-based security strategy offers broader protection and lower risk than one built to satisfy individual compliance and regulatory requirements. Using this approach, Varolii has now achieved the following:

•Service Provider Level 1 PCI Compliance – Varolii has completed its annual Service Provider Level 1 compliance with PCI-DSS, the Payment Card Industry Data Security Standard, which outlines comprehensive requirements to help ensure third-party service providers are protecting credit card customer account data.

•SAS-70 Type II Audits and Compliance – Varolii data centers have achieved SAS-70 Type II compliance, which assures organizations their service provider has satisfied an in-depth audit of its internal and external control activities. A Type II report also includes detailed testing of those controls over a minimum six-month period.

•National Institute for Standards and Technology (NIST) Compliant – Varolii maintains an on-going certification against NIST 800-53 Information Security Standards as required by the Federal Information Systems Management Act that applies to government entities and companies providing service to government entities.

•Independent Client Audits –Varolii regularly submits to client audits, most recently for six of the top 10 U.S. financial services companies and the U.S. government. In addition to annual audits, Varolii regularly performs monthly security reviews for financial services customers.

The Five Imperatives that On-Demand Platforms Must Meet to Give CIOs Peace of Mind

For hosted service providers, it’s crucial to demonstrate a rigorous security program to assure client companies that their customers’ personal information will be protected at all times. Varolii provides the highest levels of security to ensure that only authorized individuals can initiate, administer and receive messages containing sensitive information.

1. Privacy Protection – Varolii provides rigorous protection of private information and adheres to privacy regulations such as Gramm-Leach-Bliley and HIPAA. The company has also certified its privacy practices with the European Union Privacy Directive.

2. Network Security – The Varolii platform is protected by industry-standard security measures, including multiple layers of firewalls for perimeter and internal systems, two-factor authentication for network access, network and host-based intrusion detection software and automatically updated anti-virus software.

3. Facility Security – Varolii’s outbound communication systems are hosted at multiple carrier-class, geographically dispersed data centers. Each data center is fully redundant and features around-the-clock security guards and video monitoring, on-site technicians, biometric controlled access and strictly enforced visitor security policies.

4. Data Security – Varolii uses the strongest possible encryption to protect consumer data and communications. The integrity of messages during transmission is protected using industry-standard, 128-bit Secure Socket Layer (SSL) encryption, while all data residing in the Varolii database is protected using 256-bit Advanced Encryption Standard (AES) encryption.

5. Personal Data Security – Access to consumer data is restricted to a small number of authorized employees, who use two-factor authentication over a VPN connection. All employees are subject to a thorough background check including federal and local criminal records before being hired, enhancing the company’s protection against identity theft.

“Varolii recognizes the security of our customers’ data is crucial, especially when entrusting it to a hosted solution,” said Derrick Mar, chief technology officer at Varolii. “With Varolii’s comprehensive technology infrastructure, CIOs no longer have to weigh the tradeoff between data security and the cost and efficiency advantages offered by the SaaS model.”

News Editor
CustomerThink offers a free news posting service for press releases relevant to our community. To submit your press release to our news editor, send an email to [email protected] with the press release headline and main content in the email subject line and body, respectively. That's it! Approved press releases will appear in our news category within one business day of submission.


Please use comments to add value to the discussion. Maximum one link to an educational blog post or article. We will NOT PUBLISH brief comments like "good post," comments that mainly promote links, or comments with links to companies, products, or services.

Please enter your comment!
Please enter your name here