Security and Confidentiality at Mobile Assistant

We take security and confidentiality of our client information seriously. Here are some ways we protect you.

Visit: Mobile Assistant Security

Protecting your data and providing you a confidential way to document client meeting notes is a critical part of the Mobile Assistant service to our customers. Here are just a few of the security measures we have in place so you can rest easy that your business is protected.

Mobile Assistant Security Program Overview & Governance

Mobile Assistant, Inc. is a mobile dictation service serving the financial and insurance industries.

For the last 20 years, Mobile Assistant has leveraged technology in a way that connects clients to its U.S.-based, human, professional transcriptionists to help solve the problem of how to accurately capture and document client meeting interactions.

Mobile Assistant recognizes that cybersecurity is an integral part of its business: customers expect and demand that the data they entrust to Mobile Assistant is adequately protected, whether that data is audio (voice recordings), transcriptions, financial account information, personal details, or any other information.

Security Program

Mobile Assistant employs a security program based on the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) 27001 standard (ISO/IEC 27001:2013). Additionally, Mobile Assistant conducts third-party led, annual assessments to ensure that customers' cybersecurity expectations are met and that cybersecurity risks are controlled to an exceptional level.

A comprehensive security program protects all systems and data. All Mobile Assistant written information security policy documents are reviewed at least annually by a team consisting of members from the Mobile Assistant Security and Compliance Advisory Council (SCAC) and human resources departments. The SCAC conducts an annual risk assessment and reviews risk regularly.

The following policies govern the program:

  • Information Security Terms and Conditions of Employment

  • Information Security Roles Responsibilities and Authorities

  • Third-Party Security Requirements

  • Network Services

  • Change Management

  • Data Protection

  • System Monitoring

  • Risk Management

  • Information Security Incident Response

  • Employee Disciplinary Process

  • Clear Desk, Clear Screen Policy

  • Acceptable Use Policy

  • Employee Screening Policy

  • Malicious Code Policy

  • Data Classification Policy

  • Termination Policy

  • Mobile Device Policy

  • Evidence Collection and Retention

  • Software Installation Policy

  • Backup Policy

  • Business Continuity and Disaster Recovery

  • Teleworking Policy

  • Cryptographic Policy

Architecture

The company maintains its systems and data in Microsoft Azure and Amazon’s AWS. Azure and AWS offer multi-layered security provided across physical data centers, infrastructure, and operations with cybersecurity experts actively monitoring to protect business assets and data.

Data Controls

Four levels of data classification are used for client data. Sensitive data is protected in transit. Access to this data must be approved by the appropriate owner before it is granted; once provisioned, access is logged and monitored.

Access Controls

Access to client data is limited to those with business need-to-know, including third parties and customers. Third-party access to confidential information is granted only on a need-to-know basis and only provided if an appropriate confidentiality agreement or non-disclosure agreement is in place.

Incident Response

The company has a documented Incident Response Plan that facilitates the consistent implementation of the procedures necessary to detect and react to information security incidents, determine their scope and risk, respond appropriately to the incident, mitigate the risks, communicate the results to all stakeholders, and reduce the likelihood of the incident recurring.

Business Continuity & Disaster Recovery

Business continuity & disaster recovery plans are documented and provide SOPs (standard operating procedures) for common scenarios.

Awareness and Education

Employees and transcriptionists participate in security awareness training quarterly. The company also tracks and monitors security awareness campaigns for employees throughout the year.

Superior Customer Service

  • Our Compliance Team is available to answer any security questions

  • Need more information? Email us at compliance@mobileassistant.us or call 888-373-1916 and we’ll be happy to help!