V1 to V2 Product Improvements

Getting Started With Jobs

Getting Started with Ticketing

Setting Sonar up for Billing

Getting Started with Accounts

Getting Started with Inventory

Adding a Customer Portal to Your Sonar Instance

Baseline Configuration General Guide

User Specific Resources

How To: Using Sonar's Customer Portal

Account Types: Overview & Example Use Cases

Account Statuses: Overview & Example Use Cases

Account Management View: Overview

Scheduled Events: Overview & Use Cases

Notes & Tasks: Best Practices & Use Cases

Child Accounts: Best Practices & How Tos

Disconnecting an Account

Understanding the Affordable Connectivity Program

FCC Broadband Data Collection (BDC) Filings: How Sonar Can Help

Account List View: Overview

Specify Account ID upon Creation

Lead Intake Form Processing

Account Groups: Overview & Example Use Cases

CPUC Fixed Broadband Deployment by Address

Anchor & Linked Serviceable Addresses: Overview and Best Practices

Serviceable Addresses: Overview and Usage

FCC Data Exports: General Overview and Usage

Creating a New Account

Setting up Bank Account & Credit Card Processors

Billing Settings

Billing Defaults

Taxes Setup

General Ledger Codes: Overview

Services: Overview

Building a Data Service

Building Packages

Delinquency Billing Best Practices

Accounts in Vacation Mode

Batch Payments & Deposit Slips: Overview

Creating Discounts for Services and Packages

Setting Up Payment Methods and Taking Payments

Canadian ACH tool

Printed Invoice Batches: Overview

Delinquency Exclusions: Overview and Use Cases

Multi-Month Billing & Multi-Month Services

How to Take Bank Account Payments

Email Invoice Batch: Overview

Manual Transactions

ACH Batching: Overview

Billing Calculator

General Transactions: Best Practices

How Sonar Prorates Billing

Usage Based Billing Policies: Overview and Usage

How to: Adding a Service to an Account

Usage Based Billing Policy Free Periods: Overview and Usage

Using Tax Exemptions - How To

Avalara: Overview & Setup

Print to Mail

Setting up an Outbound Email Domain

Triggered Messages: Setup

Call Logs: General Best Practices

Using the Mass Message Tool

Saved Messages: Overview

Message Categories: Overview & Use Cases

Phone Number Types: Overview and Use Cases

Using Outbound SMS

Email Variables & Conditions

Communication Tools: Overview

Trigger Explanations

How to: Setting Up a Company in Sonar

Managing Multiple Companies in Sonar: Best Practices

Rebranding your Sonar Instance

Contract Templates

Invoice Attachment Use Cases & PDF Examples

Invoice Messages: Overview & Use Cases

Invoices in Sonar: Examples, Creation & Contents

Calix Integration: Overview

GPS Tracking Providers: Overview

Webhooks in Sonar: Basic PHP Example

How to Connect Cambium to your Sonar Instance

iCalendar Integration

RemoteWinBox - Integration with Sonar

External Marketing Providers

The Sonar Field Tech App

How to Connect Preseem to your Sonar System

Tower Coverage Integration: Overview

GoCardless Integration: Overview & Setup

Vetro FiberMap Integration: Overview

How to: Using Webhooks in Sonar

CrowdFiber Integration

Setup of Inventory: Manufacturers, Categories, and Assignees

Inventory List View: Overview

Inventory Model Management: General Overview

Tracking and Using Consumable Inventory

Job Types: Best Practices

Setting Up Schedules General Overview

Applying Task Templates to Jobs

Scheduling Week View: Overview

Example Jobs & Templates

Scheduling How-to: Creating and Booking a Job

Geofences: Overview

Edit Job Options

Jobs and Scheduling: Overview

The Map Interface: Overview

Elevation Tool: Overview

Custom Fields Overview & Use Cases

Task Templates Overview & Use Cases

Building a Monitoring Template

Pollers: General Overview, Deployment Strategy, Build Out & Setup

Building Alerting Rotations

Poller Troubleshooting

IP Assignments & Sonar

MikroTik: Setting Up a Sonar Controlled DHCP Server

IPAM: Basic Setup

MikroTik as an Inline Device: Integration With Sonar

MikroTik: Controlling Speeds

MikroTik: Controlling Access

PacketLogic: Integration With Sonar

Setting Up CoA Proxy

RADIUS: Building Reply Attributes

Data Usage Available Methods

Pulse, Polling, and PHP

Using Multiple Network Devices in Sonar

IPAM: Overview

Cable Modem Provisioning

LTE Integration

Assigning RADIUS Addresses

Controlling Customer Speeds with Sonar: General Overview

Sonar Flow

RADIUS: Build-Out & Integration with Sonar

Network Dashboard: Overview

Being Cloud Native

Netflow Integration: Overview

Building a Device Mapper

Sonar IP Addressing

Automating IP Assignments, Data Rates, and Network Access in Sonar

DHCP Delivery

Assigning an IP Address Using Sonar's IPAM: How to

Network Sites: Management View Overview

Building RADIUS Groups

Building Address Lists

Finding your OIDs

Purchase Orders: Overview and Usage

Archived Release Notes

Release Notes

Understanding Sonar Reports

How To Enhance Your Reporting With Custom Field Data

Report Licenses

Enhanced Business Intelligence - Tips & Tricks for Advanced Users

Sonar's Business Intelligence: Overview

User Role Creation & Best Practices

Removing a Terminated Employee In Sonar

Password Policy In Depth

Application Firewall: General Overview and Best Practices

Auth0: Overview

Users: Overview

Role Creation using GraphiQL

Sonar Billing: Overview

sonarPay Disbursements: Overview

sonarPay Overview

sonarPay: Token Migration Process

sonarPay Chargebacks & Disputes: Overview

How to Best Use Global Search

How Your Data is Backed Up

How To Use GraphiQL to Understand the Sonar API

Frequently Used Terms

Sonar's Rich Text Editor

Mutations in the Sonar API

Notification Preferences

API Calls Using Third Party Applications: Personal Access Tokens

Date/Time Picker: Overview

The New Sonar API

Introducing the New Sidebar

Upgrading your Ubuntu OS - Customer Portal Upgrades

A Deeper Dive into the New Sonar API

Consuming the Sonar API

Filtering: Simple vs Advanced

Browser Compatibility and Minimum Hardware Requirements for Sonar

REST API Wrappers for V1 Compatibility

User Profile: Your Personal User Settings

SMS Notifications

Dynamic Time Zones in Sonar

System Settings: Overview

Troubleshooting the Customer Portal

Controlling Your Landing Page: Personal Preferences

Interacting with Files via the API

Getting Your Data into Sonar

Customizing Your Customer Portal

Ticketing: Overview

Canned Replies Examples & Templates

Canned Reply Categories

Inbound Mailboxes Example Build

Ticket Categories Best Practices & Example Build

Exploring Ticket Groups

Using Parent Tickets

How to Integrate Inbound Mailboxes with Slack

Advanced Ticketing Features

API Changes for Voice Billing

Best Practices to Remain CPNI Compliant

Billing Voice Services in Sonar

Deploying Voice Services in Sonar

Sonar and General Data Protection Regulation (GDPR)

Technical Security Overview

CyberSecure Canada Certification

Sonar's Security Strategies

Best Practices for Fast Tracking a Support Request

How Sonar Bills Your Instance

The Sonar Status Page

The Sonar Community Forum

Feedback Portal / Suggest a Feature

Sonar Casts Table of Contents

How to Request Termination of your Sonar Instance

Submitting Bugs vs. Feature Requests

Third Party Customer Support Referrals

New Client Training Overview

Learning with Sonar: Tools and Resources

1.0 Purpose
2.0 Information Security
3.0 Application Security
- 3.1 Application Environment
- 3.2 Penetration Testing
4.0 Technology Governance

All Categories
Working With the Sonar Team & Additional Resources

Sonar's Security Practices & Certifications

Technical Security Overview

Technical Security Overview

1.0 Purpose
2.0 Information Security
3.0 Application Security
- 3.1 Application Environment
- 3.2 Penetration Testing
4.0 Technology Governance

Read Time: 4 mins

1.0 Purpose

This document has been compiled to provide clients and partners with an overview of Sonar Software’s security-related technologies, policies, and best practices by addressing many of the most common questions and areas of importance to our valued business partners.

The information in this document is to be considered highly confidential and may only be distributed with permissions within the implementing organization.

If you require any additional information please reach out to your Sonar contact and they will initiate the internal request immediately.

2.0 Information Security

2.1 Cloud Security

Sonar leverages the power and security of Microsoft Azure, DigitalOcean, and Amazon Web Services (AWS) to keep client data secure, confidential, and private in the cloud.

Microsoft Azure Cloud Infrastructure Certifications: ISO 9001, ISO 27001, ISO 27017, ISO 27018, ISO 20000-1, ISO 22301, SOC 1-3, CSA STAR.

DigitalOcean Cloud Infrastructure Certifications: ISO 9001, ISO 27001, ISO 14001, ISO 50001, ISO 22301, SOC 1-3, CSA STAR, PCI-DSS.

AWS Cloud Infrastructure Certifications: ISO 9001, ISO 27001, ISO 27017, ISO 27018, SOC 1-3, FedRAMP & FIPS.

Laws, Regulations & Privacy: PIPEDA, CISPE, FERPA, HIPAA, ITAR & EU DPD.

Alignments/Frameworks: CIS, CJIS, CSA, FISC, FISMA, ICREA, NIST & EU-US Privacy Shield.

All Data Centers maintain SSAE-16 attestation in conjunction with their auditor. SSAE-16 attestation is based on an in-depth series of documented controls covering the operational management of the Data Center Hosting infrastructure.

For more details, visit:

Microsoft Azure https://servicetrust.microsoft.com
DigitalOcean https://www.digitalocean.com/trust/certification-reports/
Amazon Web Services (AWS) https://aws.amazon.com/artifact/

2.2 Network Security

Network Security Group controlled access to our private VNets.
Extended Detection and Response (XDR) monitoring of security vulnerabilities and threats.
Intrusion detection and prevention systems to protect against malware threats, brute-force attacks, SQL injections, Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, worms, and botnets.
Operating procedures, security policies, and processes ensuring the safety of all Sonar employees, suppliers, partners and customers.
Operating procedures, security policies, and processes controlling the quality of, and maintaining the integrity of, all Sonar information systems and services.
Monitoring systems providing continuous availability and optimized performance.
VPN Administration of all servers.
Centralized logs for all services.
Audit logs of all environmental changes.

2.3 Data Security

Data is transmitted to and from our servers over HTTPS and is encrypted in transit (TLS) using 256 bit AES (or higher) encryption.
Data is stored and encrypted at rest using AES 256-bit encryption.
All communications use SSL (Secure Sockets Layer) encryption and all data is stored in SOC 1 Type II, SOC 2 Type I, and ISO 27001 certified data centers.
Tokenization of sensitive client payment data.
Geographic Data residency options are available.

2.4 Physical Security

Sonar applications are hosted on Microsoft Azure in state-of-the-art regional data centers, designed to protect mission-critical systems with fully redundant subsystems and compartmentalized security zones. Our cloud data centers adhere to the strictest physical security measures including, but not limited to, the following:

Multiple layers of authentication for server area access
Two-factor biometric authentication for critical areas
Camera surveillance systems at key internal and external entry points
24/7 monitoring by security personnel
All physical access to the data centers is highly restricted and stringently regulated

2.5 User Controls

Access to Sonar sessions is under the control of Super Administrators. Sonar Super Administrators are assigned by the customer for each Sonar instance with module-based user roles, and granular-access permissions.

3.0 Application Security

3.1 Application Environment

Code check-ins that are peer reviewed
Enforced password complexity rules and restrictions on re-use
Session access control to restrict access to session data
Session timeout policy in place and enforced
Server OS Hardening and Configuration Management
HTTP Security Headers
XSS-Protection
X-Frame-Options
HTTP Strict Transport Security
Cache-Control
X-Content-Type
Content-Security-Policy

3.2 Penetration Testing

Sonar completes annual independent penetration testing to check for exploitable vulnerabilities, and to ensure the integrity of our online defenses.

4.0 Technology Governance

4.1 Compliance

Sonar is actively working towards ISO/IEC 27001 certification, and our goal is to have this complete within the next 12 months.. Sonar’s commitment to privacy and security are centered around protecting your data, preventing external threats, empowering your individual rights, and the transparency enumerated by the GDPR (General Data Protection Regulation). Sonar’s cloud service platform meets a number of international and industry-specific compliance standards, such as the General Data Protection Regulation (GDPR), CCPA (California Consumer Privacy Act), PIPEDA (Personal Information Protection and Electronic Documents Act), and the NIST Cybersecurity Framework (CSF).

4.2 Privacy Practices

Sonar has implemented a Privacy Management Program aligned with global privacy requirements, including PIPEDA, CCPA, and PCI DSS.

We utilize leading-edge tokenization as our encryption method to ensure the highest level of security in transferring sensitive data. We have stringent requirements and processes to follow when choosing our data-storage providers, who must maintain the highest level of compliance with privacy legislation.

4.3 Operational Management & Access

Sonar may require access to customer data when dealing with support requests. When this is required, the Sonar customer support agent will request access from the customer Administrator, who will then grant the access and be responsible for removing it when the support request is completed.

Like most online services, we have a small number of employees who must be able to access user data for the reasons stated in our privacy policy. We have strict policy and technical access controls that prohibit employee access except in these circumstances.

Table of Contents

Technical Security Overview

1.0 Purpose

2.0 Information Security

2.1 Cloud Security

2.2 Network Security

2.3 Data Security

2.4 Physical Security

2.5 User Controls

3.0 Application Security

3.1 Application Environment

3.2 Penetration Testing

4.0 Technology Governance

4.1 Compliance

4.2 Privacy Practices

4.3 Operational Management & Access

How did we do?

Sonar and General Data Protection Regulation (GDPR)

CyberSecure Canada Certification

Related Articles

Sonar's Security Strategies

Sonar and General Data Protection Regulation (GDPR)

Password Policy In Depth

Table of Contents

1.0 Purpose

2.0 Information Security

2.1 Cloud Security

2.2 Network Security

2.3 Data Security

2.4 Physical Security

2.5 User Controls

3.0 Application Security

3.1 Application Environment

3.2 Penetration Testing

4.0 Technology Governance

4.1 Compliance

4.2 Privacy Practices

4.3 Operational Management & Access

How did we do?

Sonar and General Data Protection Regulation (GDPR)

CyberSecure Canada Certification

Related Articles

Sonar's Security Strategies

Sonar and General Data Protection Regulation (GDPR)

Password Policy In Depth

Contact