Skip to main content
Info
What is TeleBot?
Telebot Security
All CollectionsAbout TeleBot
TeleBot Security FAQ
TeleBot Security FAQ

Security Information about TeleBot

Joe Caffrey avatar
Written by Joe Caffrey
Updated over 6 months ago

Info

What is TeleBot?

An additional means for customers to communicate with us via a chat feature embedded within our applications. This feature allows customers to search for articles and content on their own, chat with a robot for commonly asked questions, and/or chat with a Client Support Engineer for more complex involved questions.

Telebot Security

  1. Is TeleBot data encrypted?

    • All data sent to or from TeleBot is encrypted in transit using 256-bit encryption.

    • API and application endpoints are TLS/SSL only and score an “A+” rating on Qualys SSL Labs‘ tests. This means only strong cipher suites are used and have features such as HSTS and Perfect Forward Secrecy fully enabled.

    • Data at rest is encrypted with an industry-standard AES-256 encryption algorithm.

  2. Where is the TeleBot service hosted?

    • TeleBot services and data are hosted in Amazon Web Services (AWS) facilities in the USA (us-east-1), Dublin, Ireland (eu-west-1), and Sydney, Australia.

    • TeleBot services are hosted on a platform spread across 3 AWS availability zones. Our US IQ Platform is resident to us-east-1. Our EU Platform is resident to eu-west-1

    • Servers hosting TeleBot are within a virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests into the internal network.

  3. What compliance and certification standards are in place for the platform hosting TeleBot services?

    • SOC2 Type II, Privacy Shield/EU-US Privacy Shield, Cloud Security Alliance (CSA), HIPAA, ISO 27001

  4. How is administrative access to the TeleBot service restricted?

    • Administration access to TeleBot can be restricted via SAML Single Sign-on (SSO), additionally, for password-based authentication, 2-factor authentication (2FA) can be enabled.

    • Password complexity standards are enforced, and credentials are stored using a PBKDF function (bcrypt).

  5. How is the Operations IQ® Platform User Community accessing the TeleBot service?

    • The TeleBot chat feature is not available to any user before the login process. Once a user has fully authenticated via their Hospitals IAM solution and authorization tokens are presented to the IQ Platform, then and only then will they be able to utilize the TeleBot. This may change in the future.

    • Each authenticated user’s Name, E-Mail Address, IQ Tenant, IQ Role, and our ClientID is collected and utilized for ticket creation purposes. We may additionally integrate other application fields to enhance ticket handling.

  6. What if I accidentally enter protected information during a TeleBot chat session?

    • Upon first use of TeleBot, you will be asked to accept our TERMS AND CONDITIONS. By accepting, you agree not to share protected information in any form during a chat. While you are required to accept the TERMS AND CONDITIONS only once, you will be required in subsequent chat session to not share PHI or PII.

    • We are able to mask out sensitive data for additional security, however, if protected information is inadvertently entered, we have an internal process in place to immediately remove that information from the chat session.

  7. Is TeleBot activity logged?

    1. Audit logs for all activity are produced, and S3 is used for archival purposes.

Related Articles
TeleBot Quick Reference Guide
TeleBot FAQ
Supported Paging Methods - Capacity IQ®
Technical Information Reference - Operations IQ® Platform
Snowflake Security Enhancements - Data IQ®
Did this answer your question?