Skip to content

Financial Services

Every change logged. Every call accounted for.

An append-only audit trail of who changed what, when and from where — with AES-256-GCM encryption, least-privilege roles and SSRF-safe integrations. Controls engineered to SOC 2 Type II and ISO 27001; certification in progress.

audit_log · change-mgmtwriting
config.updatemasking_digits 4→6admin_07
role.grantmanager → audit_viewadmin_07
recording.policyon_demand → alwaysadmin_02
login.successtotp_verified=truemgr_0042
who · what · when · where

Audit trail by default

Accountability, built into every action.

The controls a regulator or internal-audit team asks for — engineered in, not added under deadline.

Append-only audit trail

Every sensitive write is logged with the actor, IP and user-agent — and phone, email, name and secrets are redacted in the log. Nothing material happens without a record.

Audit-trail report

Who changed what, when and from where — filterable by user, action, table and date range, and exportable for review and reconciliation.

Encryption everywhere

AES-256-GCM envelope encryption for recordings and every stored secret (SIP, TOTP, integration credentials); TLS in transit; env-only key management.

Roles, permissions & 2FA

Seven system roles and 50+ granular permissions with custom roles, TOTP 2FA, single-session enforcement and account lockout — least-privilege by default.

Strict tenant isolation

Every query is org-scoped at the data layer; a cross-organisation request returns “not found,” never a leak — isolation by default, not by convention.

SSRF-safe integrations

Wire TelVox into your core systems with lifecycle webhooks and an outbound API catalog — every outbound request gated by a per-org egress allow-list.

Control posture

  • Audit trail on every write
  • Who · what · when · where
  • AES-256-GCM
  • SOC 2-aligned
  • ISO 27001-aligned
  • SSRF-safe egress

Questions

Financial services FAQ

Every sensitive write is recorded append-only with the actor, IP address and user-agent, and the audit-trail report lets you filter by user, action, table and date — the who-changed-what-when-from-where record auditors and regulators expect. Sensitive fields are redacted in the log itself.

Not yet — TelVox's controls are engineered to SOC 2 Type II and ISO 27001 (structured security-event logging, change-management logging, encryption, access control), and we're actively pursuing formal certification. We can share our security overview and controls documentation under NDA.

AES-256-GCM envelope encryption protects recordings and all stored secrets, with TLS in transit. Access uses seven roles and 50+ permissions, TOTP 2FA and single-session enforcement, and every organisation's data is strictly isolated.

Deployment region and data-residency options depend on your environment — talk to us during the demo and we'll map it to your requirements rather than promise a region we can't commit to.

Bring internal audit to the demo.

We'll walk the audit trail, the change-management report and the access model end to end.