Security & Compliance

Secure, compliant collaboration & workflow solutions

Uncompromising data security & ownership

Symphony’s cloud-based solutions offer encryption, on-premise key ownership, and enterprise-class admin control across finance, insurance and corporate use cases.

Data protection and integrity is part of our core with real-time monitoring, surveillance and data loss protection capabilities that meet the stringent requirements of financial, insurance and enterprise firms. Add to that our industry-leading SLAs and transparency and it becomes clear why our clients choose Symphony to meet their compliance requirements.

Symphony is trusted across financial services

Logo: BNP Paribas
Logo: Citi
Logo: Goldman Sachs
Logo: HSBC
Logo: JP Morgan Chase
Logo: Societe Generale
Logo: Wells Fargo

Security by Design

Security is integral to Symphony’s DNA. Data is protected using safeguards such as zero-knowledge encryption of data and access control mechanisms. Fundamental features like key-expiry management and key-rotations are standard features.

Data Protection

In addition to industry security standards, Symphony provides varying degrees of data privacy and encryption. For example, our Messaging platform offers end-to-end encryption, while Cloud9 Trader Voice offers the option of client-specific application encryption keys.

Access Control

Designed for the financial industry, ensuring that any organization in the Symphony platform can organize and provision users as needed. Specific roles like compliance officers and compliance groups are designed to solve challenges associated with large and complex compliance setups.

Independent Pen Test

Annually, Symphony commissions an independent, third-party penetration test of each product. Findings are prioritized by severity and remediated per our established vulnerability management SLAs.

Secure Development

Threat modeling and design reviews are performed for new products and features. Source code is continuously scanned for vulnerabilities, with findings prioritized and remediated per our established vulnerability management SLAs.

Governance and Compliance

Our products are not only built with highest cryptographic protection, but they are specifically designed to comply with regulatory controls, information barriers, auditability and data archiving.

Surveillance & Auditing

The Symphony Messaging platform allows clients to monitor all user traffic, providing certain classes of users compliance monitoring via a client-controlled virtual compliance monitor participating in each communication channel. On Cloud9 call logs and recordings are available for compliance archival purposes. Admin personnel can review both call data based on the internal bank processes.

To meet content retention and passive compliance requirements, Symphony supports the export of Symphony content via an optional on-premises component. Request more details

Geographic-based Deployments

Symphony supports multiple data location deployment to best match the different regulatory rules regarding client data residency (e.g. GDPR).

Internal & External Communication Controls

Trusted, client-curated directory and external communication controls offer the best in-class solution to streamline external communications and workflows in a secured way. Compliance and data protection are at the heart of Symphony’s external communication protocols, limiting risks associated with data breaches and unauthorized access to sensitive data.

Data Loss Prevention (DLP)

Support for real-time parsing of Symphony messages and file attachments, data loss policy creation, and blocking content from entering our ecosystem. Apply your DLP policies to messages in real time for internal and external conversations via expression filters.

Archiving

Symphony’s products support compliance requirements by integrating with various third-party archival solutions for long term retention of message data or call recordings.

Operational Management

A fundamental principle that has guided the platform design is to maintain a high level of availability and resiliency for the overall Symphony platform. Industry-leading SLAs reflect our expertise and accountability.

Resiliency by Design

Resilience is built into the system at multiple levels. Symphony’s architecture is resilient at the component-level against a global availability zone failure, and all data storage solutions work in high availability mode to maintain data replication across different regions.

Automated Operations

All changes applied to the platform are done following latest operation best practices via infrastructure as code. It guarantees a high degree of agility to seamlessly introduce new features and the possibility to always stay in control of any change happening in the platform.

Industry-leading Service-Level Agreements (SLAs)

Symphony offers citizen development applications. Thanks to design and site reliability engineering (SRE) best practices, automation of the processes, and resiliency of the platform, we offer SLAs for Availability and Mean Time to Recovery (MTTR). Request more details

Corporate Responsibility Certifications

Standards are implemented and controls are designed to meet security, availability, and confidentiality trust services criteria. For example, each year, Symphony undergoes a SOC 2 Type II audit by a third party, and the reports are available for distribution to customers.

SOC 2 Type II

Symphony undergoes SOC 2 audits and third-party penetration tests annually to validate the operation of the control environment and to identify any potential vulnerabilities in the control environment systems. Additionally, security reviews are conducted internally on a continuous basis. Request more details.

Data Privacy Framework

Symphony is certified as adhering to the principles of the EU-U.S. DPF, UK Extension of the EU-U.S. DPF, and Swiss-U.S. DPF.

Environmental, Social, and Corporate Governance (ESG)

Symphony is a member of the UN Global Compact and has publicly committed to adhere to the organization’s Ten Principles, as well as the UN Sustainable Development Goals (SDGs).

Vendor Security Reviews

Symphony evaluates all new vendors to ensure strict standards regarding security practices, data protection and confidentiality as part of our vendor code of conduct.

Seal: DPF
Data Privacy Framework (DPF) Program

The EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF were respectively developed by the U.S.

Seal: AICPA
Association of International Certified Professional Accountants

SOC 2 Type II Report covering security, confidentiality and availability trust principles.

SOC 3 security, confidentiality and availability trust principles.

Seal: FSISAC
Financial Services Information Sharing and Analysis Center

Financial services information sharing and analysis center affiliate member.

Seal: GDPR
General Data Protection Regulation

View our Policies for information about Symphony’s strategy for complying with the EU General Data Protection Regulation.

Seal: DORA
Digital Operational Resilience Act (DORA)

Symphony offers solutions that assist our customers in addressing the regulatory requirements of the Digital Operational and Resilience Act (DORA), a European Union regulation focused on strengthening cybersecurity and operational resilience. What DORA means.

For questions or more info please contact

[email protected]

Get started with Symphony

We're happy to answer questions and get you acquainted with Symphony and our Messaging, Voice, Directory and Analytics platforms.

  • Streamline secure collaboration
  • Connect market participants and workflows
  • Empower data and insights
  • Enable security & compliance
  • Deploy and build integrations, apps & bots

To view this form, please enable cookies in your browser settings. Click the cookie icon in the bottom right corner of your screen, select accept cookies, and refresh the page.