Plume trust center

At Plume, we are providing trusted user experiences to our customers by protecting the security, privacy, and availability of their data. Explore how each of our three pillars of trust builds confidence with our partners and customers.

Deployed in million+ locations

Security

At Plume, security is built into everything we design as a product and into how we operate as a business, so our customers can focus on growing and innovating their services while empowering consumers to elevate their smart home experience. Our processes align with industry-recognized ISO and NIST frameworks to maintain confidentiality, data integrity, and availability of services. We safeguard the security, privacy, and availability of your subscriber data through services that adhere to the most rigorous global standards. You can contact us at [email protected] if you have discovered a security issue you believe we should know about.

  • Ongoing internal security training enables employees to understand common security threats and their mitigations.

  • Software security assurance principles are integrated into the product development lifecycle using industry-recognized frameworks such as SAMM to analyze and improve Plume’s product security posture.

  • Plume utilizes tools and processes to ensure our software and firmware are designed and built securely from the ground up. These include threat modeling, code reviews, and automated and manual security assessments as part of the software release cycle.

  • As part of onboarding to ensure uniform adoption of our information security standards, third-party service providers undertake Plume’s security risk assessment. 

  • Plume uses NIST-approved encryption standards to encrypt customer data both in cloud storage and in communication between the consumer premise equipment (CPE) and their mobile/web applications to the cloud.

  • Network segregation and role-based access control are used to restrict unauthorized data access.

  • Data access permissions are configured to limit access to only those who require it for specific business needs.

  • Access to production data is monitored, logged, and audited.

Privacy

At Plume we design products to protect individual privacy and provide tools that put the individual in control over their information. Plume protects individuals’ personal data by incorporating standard privacy technical and governance controls within our product design while adhering to various regional and global data privacy regulations, such as European Union General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).

Plume’s personal data collection and handling practices are described in our privacy policy.

  • Plume is fully compliant with the General Data Protection Regulation (GDPR). To see how Plume complies with this regulation, please visit our GDPR FAQ.

  • Plume is fully compliant with the California Consumer Privacy Act (CCPA). To see how Plume complies with this regulation, please visit our CCPA FAQ.

  • Plume’s Data Processing Addendum (DPA) and our subprocessor list can be found on our legal page.

  • Ongoing internal privacy awareness training enables employees to understand and adhere to our organizational, contractual, and regulatory requirements around personal data handling.

  • Plume employs privacy-by-design principles to integrate privacy requirements early into the product development lifecycle.

  • Privacy impact assessments are conducted routinely in order to discover and mitigate privacy risks as a result of service releases or updates.

  • If you’d like information specific to the HomePass solution, see the HomePass privacy page.

  • If you’d like information specific to the WorkPass solution, see the WorkPass privacy page.

  • Plume retains personal information for the duration necessary to fulfill the purposes outlined in the privacy policy unless a different retention period is required by customer agreements or law.

  • Plume services are hosted and operated in multiple geographic regions, such as North America, Europe, and Asia. Occasionally, Plume must transfer, access, and process personal information outside the country of residence. In these cases, Plume is contractually bound by data processing agreements with all relevant parties.

  • Plume uses the Standard Contractual Clauses issued by the European Commission under decision 2010/87/EU ("SCC") as its lawful data transfer guidelines for international transfers of EU customer Personal Data.

  • Plume supports exercising an individual's privacy rights, and as such fulfils personal data retrieval and deletion requests. Individuals or businesses consuming Plume’s services can exercise these rights by completing the Privacy Request Form.

  • Plume also supports business customers in fulfilling similar requests on behalf of their consumers through our support channel.

Cloud

Using the power of the cloud, Plume’s services are designed to be secure, resilient and dynamically scalable. The operational status of our cloud can be found here: US EU

  • The Plume Cloud is designed to provide high availability and data redundancy.

  • The cloud infrastructure is built and operated using a shared responsibility model. Plume Cloud leverages certified cloud provider services supplemented by organizational and technical controls.

  • Access to corporate resources is managed using controls such as single sign-on (SSO), multi-factor authentication (MFA), and VPN-based remote access.

  • Systems are configured with minimum necessary services, and changes are logged and monitored continuously.

  • Anti-malware and intrusion detection systems are used to identify and respond to anomalous behavior and malicious activity.

  • Periodic security assessments are performed to detect vulnerabilities in the environment.

  • Plume is then able to mitigate these vulnerabilities based on their risk using our well-defined change management and incident response processes.

Compliance

Plume is continuously working to fulfill its regulatory compliance obligations, and benchmark against industry best practices. In pursuit of these objectives, Plume maintains a comprehensive set of compliance certifications to promote/build trust.

  • The ISO 27001 information security management system (ISMS) preserves the confidentiality, integrity and availability of information by applying a risk management process and gives confidence to interested internal and external parties that risks are adequately managed.

  • ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization.

  • The Plume production cloud — covering business activities relating to operations, maintenance, and management of Plume’s smart home consumer experience cloud platform for communications service providers and consumers — is ISO 27001 certified.

ISO27001: Security Information Management

  • The ISO 27701 privacy information management system (PIMS) is built on top of ISO/IEC 27001 and helps organizations reconcile privacy regulatory requirements. The standard outlines a comprehensive set of operational controls that can be mapped to various regulations, including GDPR and CCPA. Once mapped, the PIMS operational controls are implemented by privacy professionals and audited by internal or third-party auditors, resulting in a certification and comprehensive evidence of conformity.

  • This standard specifies requirements and provides guidance for establishing, implementing, maintaining, and continually improving a Privacy Information Management System (PIMS) in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management within the context of the organization.

  • The Plume production cloud — covering business activities relating to operations, maintenance, and management of Plume’s smart home consumer experience cloud platform for communications service providers and consumers — is ISO 27701 certified.

Plume has a great track record with some of the largest service providers around the world and we are really excited that, through our partnership, we are able to bring this premium experience to our members and their customers.

Jared Baumann, Vice President of Broadband Solutions NCTC

CSP Partners