Wispr Flow Trust Center

Wispr Flow is in compliance with security best practices, has implemented and is monitoring comprehensive controls, and maintains policies to outline its security procedures.

Compliance

Resources

SOC 2 Type I Report
ISO 27001 Certificate
SOC 2 Type II Report
Pentest Report
Data Classification Policy

Controls

Password rules enforced
Secure, unique authentication required for infrastructure access
Quarterly user access reviews performed
Firewall access restricted
Source code access restricted and changes logged
Data encrypted at rest
Encryption in transit over public networks
Secure disposal of electronic media containing sensitive data (PII, ePHI, etc.)
Customer data deleted after termination
Database backups performed
Secure connection means utilized
External Attack Surface Vulnerability Scanning & Remediation
Web application firewalls configuration
Development, testing, production environments separated
Source code changes tested and approved
Anti-malware monitoring
Intrusion detection tool
Automated system capacity and performance monitoring
Monitoring, measurement, analysis and evaluation
Infrastructure firewall
Business continuity plans ensure emergency functionality
Business continuity & disaster recovery plans documented and tested
Security incident logging and review
HIPAA Incident Response Policy and Procedures
Incident response procedures documented
Visitor sign-in, badging, and escort policy
Internal Audit Program
Clear desk/screen policy established
Documented HIPAA Security Rule policy acknowledgment
Compliance requirements documented
Technology assets inventoried
Interested party security requirements logged
Annual risk assessments performed
Documented Vendor Management Program
Confidentiality Agreement acknowledged by employees
Background checks performed on contractors
Security awareness training implemented
Background checks performed on employees
Clock synchronization
Multi-availability zones
Defined and maintained ISMS scope
Whistleblower mechanism maintained
Documentation available to internal and external users
Customer support channels available
Information security policies and procedures
Patch management process developed
Removable Media Use Restricted and Encrypted
Mobile Device Management (MDM) and BYOT
Production system hardening and baseline configuration management

Subprocessors

Baseten (Unknown Category)
Customer.io (Unknown Category)
PostHog (Business Apps & Productivity)
Stripe (Unknown Category)