Please contact your LiveVox Representative for access to this documentation.

INTRODUCTION AND OVERVIEW:

LiveVox develops, documents and disseminates various policies and processes covering various technical and nontechnical topics. This Handbook is a compilation of these policies, designed to establish, govern and describe various areas of the LiveVox operations. The designs, methodologies and controls addressed involve and cover people, technologies and processes necessary to support the environment for supportable, consistent and predictable operations within and outside of the Platform itself. As part of this people-process-technology, the following applies:

People: comprehensive hiring program focusing on talent and fit for skillsets, experience and expertise as well as cultural fit for the organization. Beyond finding the 'right' people for any given job or position, LiveVox continuously helps individuals develop their skills in accordance with our deployed technologies and promotes from within whenever it makes sense to do so, and seeks appropriate talent in the market as needed.

Process: in keeping with evolving technologies, security standards and frameworks and the threat landscape, LiveVox keeps an eye on evolving processes to meet our needs covering various areas of operation, support and development.  Many of these areas are the focus of specific areas of this Handbook.

Technology: LiveVox develops the platform, and adopts technology for its platform components as well as for tooling and instrumentation to support measuring, monitoring, troubleshooting and development of processes.

In turn, these characteristics enable proper care and protection of information placed in LiveVox's custody for our customers' use of the Platform.

The policies and sections of this Handbook are designed to support compliance with a variety of data protection standards, laws and regulations, and are also reviewed by third party auditors. Examples of such standards include the Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability Act (HIPAA), the American Institute of Certified Public Accountants (AICPA) Service Organization Controls (SOC) 2 and others. In addition, this document provides alignment, where applicable, with the National Institute of Standards and Technology (NIST) Special Publication (SP) 800 series in general, with SP 800-53 r4 as the primary compliance guide. This approach provides the basis for compliance with standards such as HIPAA, FISMA, FedRAMP and others. In addition, these policies provide compliance with requirements derived from ongoing audits on the part of our customer base representing a broad range of industries with concerns in areas as varied as payment, finance, federal, healthcare and other sensitive data types.