Our Products & Services
Getting Started
First Time Setup
Getting Started With Jobs
Getting Started with Accounts
Getting Started with Inventory
Getting Started with Ticketing
Setting Sonar up for Billing
Baseline Configuration
How To: Using Sonar's Customer Portal
User Specific Resources
Accounts
Account Groups: Overview & Example Use Cases
Account List View: Overview
Account Management View: Overview
Account Overview Customization
Account Statuses: Overview & Example Use Cases
Account Types: Overview & Example Use Cases
Anchor & Linked Serviceable Addresses: Overview and Best Practices
CPUC Fixed Broadband Deployment by Address
Child Accounts: Best Practices & How Tos
Creating a New Account
Disconnecting an Account
FCC Broadband Data Collection (BDC) Filings: How Sonar Can Help
FCC Data Exports: General Overview and Usage
Future Serviceable Addresses: Overview
Lead Intake Form Processing
Notes & Tasks: Best Practices & Use Cases
Scheduled Events: Overview & Use Cases
Serviceable Addresses: Overview and Usage
Specify Account ID upon Creation
Using Sonar's FCC Broadband Label Generation Tool
Billing
ACH Batching: Overview
Accounts in Vacation Mode
Avalara: Overview & Setup
Batch Payments & Deposit Slips: Overview
Billing Calculator
Billing Defaults
Billing Settings
Building Packages
Building a Data Service
Canadian ACH tool
Changing Service Pricing in Sonar: Best Practices
Considerations When Using Avalara with Voice Services
Creating Discounts for Services and Packages
Delinquency Billing Best Practices
Delinquency Exclusions: Overview and Use Cases
Email Invoice Batch: Overview
General Ledger Codes: Overview
General Transactions: Best Practices
How Sonar Prorates Billing
How to Take Bank Account Payments
How to: Adding a Service to an Account
Invoice Templates: Overview
Leveraging PayPal as a Payment Method in Sonar
Manual Transactions
Multi-Month Billing & Multi-Month Services
Print to Mail
Printed Invoice Batches: Overview
Services: Overview
Setting Up Payment Methods and Taking Payments
Setting up Bank Account & Credit Card Processors
Taxes Setup
Usage Based Billing Policies: Overview and Usage
Usage Based Billing Policy Free Periods: Overview and Usage
Using Tax Exemptions - How To
Communication
Call Logs: General Best Practices
Communication Tools: Overview
Email Variables & Conditions
Message Categories: Overview & Use Cases
Phone Number Types: Overview and Use Cases
Saved Messages: Overview
Setting up an Outbound Email Domain
Trigger Explanations
Triggered Messages: Setup
Using Outbound SMS
Using the Mass Message Tool
Companies
How to: Setting Up a Company in Sonar
Managing Multiple Companies in Sonar: Best Practices
Rebranding your Sonar Instance
Financial
Contract Templates
Invoice Attachment Use Cases & PDF Examples
Invoice Messages: Overview & Use Cases
Invoices in Sonar: Examples, Creation & Contents
Integrations
Calix SMx Integration: Overview
CrowdFiber Integration
External Marketing Providers
GPS Tracking Providers: Overview
GoCardless Integration: Overview & Setup
How to Connect Cambium to your Sonar Instance
How to Connect Preseem to your Sonar System
How to: Using Webhooks in Sonar
RemoteWinBox - Integration with Sonar
The Sonar Field Tech App
Tower Coverage Integration: Overview
Vetro FiberMap Integration: Overview
Webhooks in Sonar: Basic PHP Example
iCalendar Integration
Inventory
Inventory List View: Overview
Inventory Model Management: General Overview
Setup of Inventory: Manufacturers, Categories, and Assignees
Tracking and Using Consumable Inventory
Jobs
Applying Task Templates to Jobs
Edit Job Options
Example Jobs & Templates
Geofences: Overview
Job Types: Best Practices
Jobs and Scheduling: Overview
Scheduling How-to: Creating and Booking a Job
Scheduling Week View: Overview
Setting Up Schedules General Overview
Mapping
Misc.
Combining Custom Fields & Task Templates for Information Storage
Custom Fields Overview & Use Cases
Custom Links: Overview
Task Templates Overview & Use Cases
Monitoring
Building Alerting Rotations
Building a Monitoring Template
Poller Troubleshooting
Pollers: General Overview, Deployment Strategy, Build Out & Setup
Networking
Assigning RADIUS Addresses
Assigning an IP Address Using Sonar's IPAM: How to
Automating IP Assignments, Data Rates, and Network Access in Sonar
Building Address Lists
Building RADIUS Groups
Building a Device Mapper
Cable Modem Provisioning
Controlling Customer Speeds with Sonar: General Overview
DHCP Delivery
Data Usage Available Methods
Finding your OIDs
How Sonar Communicates - Egress IPs Explained
IP Assignments & Sonar
IPAM: Basic Setup
IPAM: Overview
LTE Integration
MikroTik as an Inline Device: Integration With Sonar
MikroTik: Controlling Access
MikroTik: Controlling Speeds
MikroTik: Setting Up a Sonar Controlled DHCP Server
Netflow Integration: Overview
Network Dashboard: Overview
Network Sites: Management View Overview
PacketLogic: Integration With Sonar
Pulse, Polling, and PHP
RADIUS: Build-Out & Integration with Sonar
RADIUS: Building Reply Attributes
Setting Up CoA Proxy
Sonar Flow
Sonar IP Addressing
Using Multiple Network Devices in Sonar
Purchase Orders
Release Notes
Reporting
Enhanced Business Intelligence - Tips & Tricks for Advanced Users
How To Enhance Your Reporting With Custom Field Data
Report Licenses
Sonar's Business Intelligence: Overview
Understanding Sonar Reports
Security
Application Firewall: General Overview and Best Practices
Auth0: Overview
Multi-Factor Authentication: Overview
Password Policy In Depth
Removing a Terminated Employee In Sonar
Role Creation using GraphiQL
User Role Creation & Best Practices
Users: Overview
Sonar Billing
sonarPay
sonarPay Chargebacks & Disputes: Overview
sonarPay Disbursements: Overview
sonarPay Overview
sonarPay Reversals, Voids, & Refunds: Overview
sonarPay: Token Migration Process
System
A Deeper Dive into the New Sonar API
API Calls Using Third Party Applications: Personal Access Tokens
Browser Compatibility and Minimum Hardware Requirements for Sonar
Consuming the Sonar API
Controlling Your Landing Page: Personal Preferences
Customizing Your Customer Portal
Date/Time Picker: Overview
Dynamic Time Zones in Sonar
Filtering: Overview
Frequently Used Terms
Getting Your Data into Sonar
How To Use GraphiQL to Understand the Sonar API
How Your Data is Backed Up
How to Best Use Global Search
Interacting with Files via the API
Introducing the New Sidebar
Mutations in the Sonar API
Notification Preferences
REST API Wrappers for V1 Compatibility
SMS Notifications
Sonar's Rich Text Editor
System Settings: Overview
The New Sonar API
Troubleshooting the Customer Portal
Upgrading your Ubuntu OS - Customer Portal Upgrades
User Profile: Your Personal User Settings
Ticketing
Advanced Ticketing Features
Canned Replies Examples & Templates
Canned Reply Categories
Exploring Ticket Groups
How to Integrate Inbound Mailboxes with Slack
Inbound Mailboxes Example Build
Ticket Categories Best Practices & Example Build
Ticketing: Overview
Using Parent Tickets
Voice
API Changes for Voice Billing
Best Practices to Remain CPNI Compliant
Billing Voice Services in Sonar
Deploying Voice Services in Sonar
Working With the Sonar Team & Additional Resources
Sonar's Security Practices & Certifications
CyberSecure Canada Certification
Sonar and General Data Protection Regulation (GDPR)
Sonar's Security Strategies
Technical Security Overview
Best Practices for Fast Tracking a Support Request
Feedback Portal / Suggest a Feature
Learning with Sonar: Tools and Resources
New Client Training Overview
Sonar Casts Table of Contents
Submitting Bugs vs. Feature Requests
The Sonar Community Forum
The Sonar Status Page
Third Party Customer Support Referrals
Table of Contents
- All Categories
- Working With the Sonar Team & Additional Resources
- Sonar's Security Practices & Certifications
- Technical Security Overview
Technical Security Overview
Read Time: 4 mins
1.0 Purpose
This document has been compiled to provide clients and partners with an overview of Sonar Software’s security-related technologies, policies, and best practices by addressing many of the most common questions and areas of importance to our valued business partners.
The information in this document is to be considered highly confidential and may only be distributed with permissions within the implementing organization.
If you require any additional information please reach out to your Sonar contact and they will initiate the internal request immediately.
2.0 Information Security
2.1 Cloud Security
Sonar leverages the power and security of Microsoft Azure, DigitalOcean, and Amazon Web Services (AWS) to keep client data secure, confidential, and private in the cloud.
Microsoft Azure Cloud Infrastructure Certifications: ISO 9001, ISO 27001, ISO 27017, ISO 27018, ISO 20000-1, ISO 22301, SOC 1-3, CSA STAR.
DigitalOcean Cloud Infrastructure Certifications: ISO 9001, ISO 27001, ISO 14001, ISO 50001, ISO 22301, SOC 1-3, CSA STAR, PCI-DSS.
AWS Cloud Infrastructure Certifications: ISO 9001, ISO 27001, ISO 27017, ISO 27018, SOC 1-3, FedRAMP & FIPS.
Laws, Regulations & Privacy: PIPEDA, CISPE, FERPA, HIPAA, ITAR & EU DPD.
Alignments/Frameworks: CIS, CJIS, CSA, FISC, FISMA, ICREA, NIST & EU-US Privacy Shield.
All Data Centers maintain SSAE-16 attestation in conjunction with their auditor. SSAE-16 attestation is based on an in-depth series of documented controls covering the operational management of the Data Center Hosting infrastructure.
For more details, visit:
- Microsoft Azure https://servicetrust.microsoft.com
- DigitalOcean https://www.digitalocean.com/trust/certification-reports/
- Amazon Web Services (AWS) https://aws.amazon.com/artifact/
2.2 Network Security
- Network Security Group controlled access to our private VNets.
- Extended Detection and Response (XDR) monitoring of security vulnerabilities and threats.
- Intrusion detection and prevention systems to protect against malware threats, brute-force attacks, SQL injections, Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, worms, and botnets.
- Operating procedures, security policies, and processes ensuring the safety of all Sonar employees, suppliers, partners and customers.
- Operating procedures, security policies, and processes controlling the quality of, and maintaining the integrity of, all Sonar information systems and services.
- Monitoring systems providing continuous availability and optimized performance.
- VPN Administration of all servers.
- Centralized logs for all services.
- Audit logs of all environmental changes.
2.3 Data Security
- Data is transmitted to and from our servers over HTTPS and is encrypted in transit (TLS) using 256 bit AES (or higher) encryption.
- Data is stored and encrypted at rest using AES 256-bit encryption.
- All communications use SSL (Secure Sockets Layer) encryption and all data is stored in SOC 1 Type II, SOC 2 Type I, and ISO 27001 certified data centers.
- Tokenization of sensitive client payment data.
- Geographic Data residency options are available.
2.4 Physical Security
Sonar applications are hosted on Microsoft Azure in state-of-the-art regional data centers, designed to protect mission-critical systems with fully redundant subsystems and compartmentalized security zones. Our cloud data centers adhere to the strictest physical security measures including, but not limited to, the following:
- Multiple layers of authentication for server area access
- Two-factor biometric authentication for critical areas
- Camera surveillance systems at key internal and external entry points
- 24/7 monitoring by security personnel
- All physical access to the data centers is highly restricted and stringently regulated
2.5 User Controls
Access to Sonar sessions is under the control of Super Administrators. Sonar Super Administrators are assigned by the customer for each Sonar instance with module-based user roles, and granular-access permissions.
3.0 Application Security
3.1 Application Environment
- Code check-ins that are peer reviewed
- Enforced password complexity rules and restrictions on re-use
- Session access control to restrict access to session data
- Session timeout policy in place and enforced
- Server OS Hardening and Configuration Management
- HTTP Security Headers
- XSS-Protection
- X-Frame-Options
- HTTP Strict Transport Security
- Cache-Control
- X-Content-Type
- Content-Security-Policy
3.2 Penetration Testing
Sonar completes annual independent penetration testing to check for exploitable vulnerabilities, and to ensure the integrity of our online defenses.
4.0 Technology Governance
4.1 Compliance
Sonar is actively working towards ISO/IEC 27001 certification, and our goal is to have this complete within the next 12 months.. Sonar’s commitment to privacy and security are centered around protecting your data, preventing external threats, empowering your individual rights, and the transparency enumerated by the GDPR (General Data Protection Regulation). Sonar’s cloud service platform meets a number of international and industry-specific compliance standards, such as the General Data Protection Regulation (GDPR), CCPA (California Consumer Privacy Act), PIPEDA (Personal Information Protection and Electronic Documents Act), and the NIST Cybersecurity Framework (CSF).
4.2 Privacy Practices
Sonar has implemented a Privacy Management Program aligned with global privacy requirements, including PIPEDA, CCPA, and PCI DSS.
We utilize leading-edge tokenization as our encryption method to ensure the highest level of security in transferring sensitive data. We have stringent requirements and processes to follow when choosing our data-storage providers, who must maintain the highest level of compliance with privacy legislation.
4.3 Operational Management & Access
Sonar may require access to customer data when dealing with support requests. When this is required, the Sonar customer support agent will request access from the customer Administrator, who will then grant the access and be responsible for removing it when the support request is completed.
Like most online services, we have a small number of employees who must be able to access user data for the reasons stated in our privacy policy. We have strict policy and technical access controls that prohibit employee access except in these circumstances.