Security of Rev Transcription Services

Security can never be an afterthought. This is especially true for speech-to-text and transcription services, as voice and other audio or video files can contain sensitive or private information. That’s why Rev is committed to more than just preventing hackers from accessing our customer’s data. 

In this article, we’re going to give you a high-level overview of the technologies and policies that we employ to protect the confidentiality, integrity, and availability of your data. These measures go beyond the standard guarantees by protecting user privacy, giving users more control over their data, and preventing leaks through a variety of tactics.

These practices are rooted in guidelines from the National Institute of Standards and Technology (NIST), the industry standard for cyber best practices.

Technologies

The first step to protecting data confidentiality is, of course, encryption. We encrypt all customer files both at rest (stored on our servers) and in transit via industry standards like HTTPS and TLS.

We also constantly backup data to prevent loss and corruption. Along with fully redundant infrastructure, we guarantee 99.9% uptime for full availability.

All of Rev’s infrastructure is hosted on Amazon Web Services (AWS). As an industry leader, Amazon has access to some of the best security talent on the market, and they also maintain strict physical access policies that utilize sophisticated access control mechanisms. We also leverage multiple AWS availability zones for high availability.

Rev also incorporates security as a foundational principle in the software development life cycle (SDLC) for products such as Rev.ai and our automated transcription engine. Security is never an afterthought. As soon as the first lines of code are written, we start working on the product’s security.

On the back-end, our administrators also employ a number of technical solutions to prevent, detect, and respond to unauthorized access. These include hardening our systems, maintaining strict firewall rules, and employing intrusion detection systems for continuously monitoring. In the event of a breach, we can isolate components of the system for containment and maintain ongoing operations.

Policies

While our tech sets rules for how our computers behave, policies inform how our people behave. This makes policies just as essential to comprehensive cybersecurity as technical controls. Policies are also key to another pillar of security: data privacy and ownership.

We maintain strict controls over how our employees interact with our customer’s data. While many of these policies apply to every employee at our company, they’re especially pertinent for our thousands of human transcriptionists who work from all around the world.

To even get started in transcription, we require all Revvers to sign a non-disclosure agreement (NDA). So, for instance, if a customer wants a transcript of their phone calls, the transcriptionists are forbidden from sharing or discussing those phone calls.

We also utilize role based access controls (RBAC), especially least privilege. Basically, this means that our employees only have access to the data that they need to do their jobs. Transcriptionists aren’t able to access voice recordings that other transcriptionists are working on, for example.

On top of this, transcriptionists cannot download any of the files that they’re working on. All work is done through our private portal, meaning all of your data stays on our servers. Along similar lines, one way that we verify our transcriptionists identity is by forbidding the use of a virtual private network (VPN). 

Rev’s data usage policies also comply with regulations including the EU’s GDPR and California’s CCPA. These rules apply equally to voice recordings, video files, and other forms of personally identifiable information (PII), such as those we collect during account creation. Essentially, complying with these regulations gives our users greater ownership over their own data and compels us to protect their privacy.

One key provision is the right to be forgotten. This means that, at any point, our customers can purge video, audio, and/or document data from Rev systems via the user interface (UI). Another option is setting up automated deletion policies via a support ticket.

Another facet of this is that Rev never shares or sells customer information to 3rd party marketers. Our privacy policy states that “Rev does not ‘sell’ your personal information as we understand that term to be defined by the California Consumer Privacy Act ( ‘CCPA’) and its implementing regulations. This guarantee is especially crucial for automatic speech recognition (ASR) services because voice activated devices have such great potential to be used as surveillance tools for targeted advertising. At the end of the day, that’s not the world we want to live in.

Conclusion

When we put all of this together, we arrive at what cybersecurity experts call Defense in Depth (DID). Rather than rely on any single measure, we use a multitude of both policies and technologies to defend our customer’s data and privacy. Just like a medieval castle is protected by walls, guards, and a moat, Rev’s systems leverage everything from today’s most advanced encryption protocols to strict information governance policies.

Ultimately, all of these measures are a small cost to pay for something that’s truly priceless: peace of mind. You’re safe with Rev.

Ready to learn more about our speech-to-text software, automatic transcriptions, or how we protect sensitive information? Get in touch with us today.

transit via industry standards like