Security at Bandwidth

Security at Bandwidth is a high priority. Protecting both our network and our customers’ information is something we take seriously, and we’ve taken numerous steps to protect our customers and ourselves from anything that could jeopardize that security.

Lock graphic representing Bandwidth's strong security

We’re constantly working to improve our security measures. To do that, we have made ourselves GDPR compliant and achieved the internationally recognized ISO 27001:2013 certification for our products and services.

One of the few standards that uses a top-down, risk-based approach, ISO 27001 identifies requirements and specifications for a comprehensive Information Security Management System (ISMS) covering the business processes, people, and infrastructure that operate and support Bandwidth’s Messaging, 911, Number Management, and Voice products.

ISO 27001 Certification Logo

“Achieving the ISO 27001:2013 certification demonstrates to our customers Bandwidth’s commitment to information security, best practices, and the importance of the protection of our customers data.”

Andrew Grimmett
Sr. Director of Information Security

Network Security Icon

Network Security

Our network is monitored 24×7 by our Network Operations Center (NOC). All site locations have firewalls and traffic monitoring deployed to ensure the security, stability, and reliability of the network our customers rely on.

Application Security Icon

Application Security

We’re proud of our software. Our APIs make it easy for businesses to embed communications, which is why we’ve built security right into our software. Our application security program proactively performs static and dynamic scanning of systems and software code. We also work with developers to provide feedback loops during the development lifecycle through our Bandwidth SSDLC.

Vendor Risk Management Icon

Vendor Risk Management

We continuously monitor our vendors through our Bandwidth VRM (vendor risk management) program. This enables us to identify and protect data store by third-party vendors in real-time by doing data security evaluations at all times instead of at regular intervals.

Endpoint Security Icon

Endpoint Security

In addition to protecting our network and software, we’re committed to protecting all access points to that network and your information. All Bandwidth desktops, laptops, and mobile devices are centrally managed and fully encrypted. All end-user computers have anti-virus and anti-malware protections.

Physical Security icon

Physical Security

Access to all Bandwidth offices is restricted and controlled by assigned proximity badges. Visitors must sign in, display a visitor badge, and be escorted by the sponsoring employee. Entrances and exits to all sites and offices are under video surveillance. Bandwidth hosted data centers are SOC 2 Type II or ISO 27001:2013 certified. Each data center site location provides layers of security, including biometrics, security guards, cameras and equipment secured in isolated rack/cages.

Security Controls Overview

Security Fact Sheet

Bandwidth has a dedicated information security team that oversees Bandwidth’s security program. Bandwidth recognizes information must be managed, controlled and protected as it has a significant impact on our products and customers.
Download Fact Sheet →

Learn more about our security

To learn more about what we’re doing to protect your information and our network, download our Information Security Fact Sheet or talk to one of our security experts.

Talk to an expert Report a vulnerability