Road to Security: Our SOC2 and PCI Certifications - The Connection - ContactCenterWorld.com Blog
Data security is top-of-mind with everyone now, especially anyone who shops online. So, it is critical that call centers assure customers and business partners that their credit card and other sensitive information is safe. In order to build that trust, many call centers take the necessary steps to obtain Service Organization Control (SOC2) and Payment Card Industry Data Security Standard (PCI DSS or PCI for short) certifications, which offer independent third-party verification that a call center is using stringent security measures.
Here at The Connection®, we are proud to be both SOC2 compliant and PCI certified. Here is what that means for call centers like us.
What is PCI?
The Payment Card Industry Data Security Standard was created by the major credit card brands. The goal is to protect credit and debit card transactions against potential fraud or theft.
The PCI standard applies to companies of all sizes that accept, store, or transmit credit card payment data. The current version of the PCI standard includes more than 400 security controls organized into 12 primary requirements with six security goals:
- Build and maintain a secure network
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
What is SOC2?
Service Organization Controls were created by the American Institute of Certified Public Accountants. SOC2 is an audit procedure that helps service providers, such as call centers, establish and monitor data protection controls based on specific “trust service principles.” These are:
- Availability (performance monitoring)
- Processing integrity of the systems used to process data
- Confidentiality (such as encryption)
- Privacy of the information processed by these systems
Certifications Are Not “One and Done”
We monitor numerous aspects of our PCI and SOC2 compliance requirements on an ongoing basis to ensure all protections are functioning as planned. Both certifications require ongoing security monitoring and compliance enforcement day in and day out.
However, to retain our certified status, we must also conduct an annual audit of our programs. This annual review is not merely an opportunity to check boxes off a list. Re-certification requires documentation and evidence showing various compliance activities occurring daily, monthly, quarterly, etc. We also conduct regular security training and awareness initiatives for all employees.
The annual audit involves several steps:
- First, we identify the types of sensitive data we are collecting, storing, and transmitting within our call center environment. We also identify which of our systems are involved with those processes. This helps us define the scope of our audit.
- We complete a risk analysis to determine any potential security vulnerabilities and associated threats. The best way to reduce risk is to store the minimum amount of sensitive data and remove any data we don’t need.
- We work hand-in-hand with our PCI or SOC2 auditor to map the compliance requirements to our existing controls. Mapping helps to identify gaps, so we can then develop a plan to implement or improve controls not already in place.
PCI and SOC2 both require extensive documentation of security policies, procedures, and monitoring activities.
Customer trust is critical for call center success. At The Connection®, we take that trust seriously, and our PCI and SOC2 certifications demonstrate that. For us, it is one more way we can ensure we are giving our clients and their customers the best possible call center experience.
Publish Date: November 15, 2018 5:00 AM