Road to Security: Our SOC2 and PCI Certifications

Data security is top-of-mind with everyone now, especially anyone who shops online. So, it is critical that call centers assure customers and business partners that their credit card and other sensitive information is safe. In order to build that trust, many call centers take the necessary steps to obtain Service Organization Control (SOC2) and Payment Card Industry Data Security Standard (PCI DSS or PCI for short) certifications, which offers independent third-party verification that a call center is using stringent security measures.

Here at The Connection®, we are proud to be both SOC2 compliant and PCI certified. Here is what that means for call centers like us.

What is PCI?

The Payment Card Industry Data Security Standard was created by the major credit card brands. The goal is to protect credit and debit card transactions against potential fraud or theft.

The PCI standard applies to companies of all sizes that accept, store, or transmit credit card payment data. The current version of the PCI standard includes more than 400 security controls organized into 12 primary requirements with six security goals:

1. Build and maintain a secure network
2. Protect cardholder data
3. Maintain a vulnerability management program
4. Implement strong access control measures
5. Regularly monitor and test networks
6. Maintain an information security policy

What is SOC2?

Service Organization Controls were created by the American Institute of Certified Public Accountants. SOC2 is an audit procedure that helps service providers, such as call centers, establish and monitor data protection controls based on specific “trust service principles.” These are:

1. Security
2. Availability (performance monitoring)
3. Processing integrity of the systems used to process data
4. Confidentiality (such as encryption)
5. Privacy of the information processed by these systems

Certifications Are Not “One and Done”

We monitor numerous aspects of our PCI and SOC2 compliance requirements on an ongoing basis to ensure all protections are functioning as planned. Both certifications require ongoing security monitoring and compliance enforcement day in and day out.

However, to retain our certified status, we must also conduct an annual audit of our programs. This annual review is not merely an opportunity to check boxes off a list. Re-certification requires documentation and evidence showing various compliance activities occurring daily, monthly, quarterly, etc. We also conduct regular security training and awareness initiatives for all employees.

The annual audit involves several steps:

• First, we identify the types of sensitive data we are collecting, storing, and transmitting within our call center environment. We also identify which of our systems are involved with those processes. This helps us define the scope of our audit.
• We complete a risk analysis to determine any potential security vulnerabilities and associated threats. The best way to reduce risk is to store the minimum amount of sensitive data and remove any data we don’t need.
• We work hand-in-hand with our PCI or SOC2 auditor to map the compliance requirements to our existing controls. Mapping helps to identify gaps, so we can then develop a plan to implement or improve controls not already in place.

PCI and SOC2 both require extensive documentation of security policies, procedures, and monitoring activities.

Conclusion

Customer trust is critical for call center success. At The Connection®, we take that trust seriously, and our PCI and SOC2 certifications demonstrate that. For us, it is one more way we can ensure we are giving our clients and their customers the best possible call center experience.

2023 Buyers Guide

Get Listed

Automation

 

1.)

Agara Agara is an autonomous virtual voice agent powered by Real-time Voice AI. It is designed to have intelligent conversations with your customers, vendors, and partners without any assistance from human agents. It can handle a wide variety of calls including inbound customer care calls, outbound lead generation calls, appointment scheduling calls, and overdue payment recovery calls. Agara is available for several industries including banking, insurance, retail, e-commerce, airlines, and telecom. Powered by advanced Real-time Voice AI that understands speech in real-time, automatically determines the right process to follow and guides the caller along in the process with natural conversation.

2.)

Auraya EVA Voice Biometrics Powered by Auraya's patented ArmorVox engine, EVA is a voice biometric extension that provides secure and seamless identification & verification capabilities for Amazon Connect. EVA provides delightful customer experience by removing the friction of providing PINs, passwords or secret information in order to prove caller identity. EVA comes standard with active and passive modes and a simple yet powerful agent interface. This allows for personalised self-service and a more friendly and efficient experience when interacting with an agent. Outdated security methods such as PINs, passwords and security questions have become insecure and unreliable. Forgetting passwords and security answers o... (read more)Powered by Auraya's patented ArmorVox engine, EVA is a voice biometric extension that provides secure and seamless identification & verification capabilities for Amazon Connect. EVA provides delightful customer experience by removing the friction of providing PINs, passwords or secret information in order to prove caller identity. EVA comes standard with active and passive modes and a simple yet powerful agent interface. This allows for personalised self-service and a more friendly and efficient experience when interacting with an agent. Outdated security methods such as PINs, passwords and security questions have become insecure and unreliable. Forgetting passwords and security answers or switching applications to access OTPs can result in inefficient and cumbersome customer experience. Time is wasted trying to verify customers with insecure methods. EVA works in English out of the box but can be configured to work in languages other than English. Recognising what specific digits are spoken using EVA's native speech recognition is only available for the English language out of the box. EVA has additional capabilities such as real-time fraud detection and digital channel enrolment and verification options that can be turned on with customisation services from Amazon Connect consulting partners. If you are interested in these additional features, please contact an Amazon Connect consulting partner that is an authorised Auraya reseller partner.

3.)

Call Adapt Soundboard Software Call Adapt is a cloud-based digital soundboard application designed for contact centers. It works with any type of call and integrates with your existing dialer system. Powered by smart audio technology, Call Adapt gives your agents the ability to converse with customers in real time using programmed keyboard shortcuts. The result is perfect pitch delivery and less time spent on repetitive tasks.

4.)	Cognigy Cognigy is a global leader in Conversational AI Automation. Its platform, Cognigy.AI, enables enterprises to automate customer and employee communications using intelligent voice and chatbots

5.)

Consilium Software Consilium UniCloud™ UniCloud™ is an intuitive platform that allows Enterprises to deploy and manage their Unified Communication (UC) and Contact Center (CC) services with ease and entire provisioning can be completed in seconds using this comprehensive tool supporting digital transformation. The latest release 7.0 of UniCloud™ is a multi-tenant platform that transforms the delivery, management, and integration of collaboration and contact center solutions, for both Cloud and On-Premise deployment models. With its single-pane-of-glass views and quick provisioning tool, UniCloud™ is instrumental in reducing the time to provision an entire multi-cluster Cisco collaboration platform, including contact centers (C... (read more)UniCloud™ is an intuitive platform that allows Enterprises to deploy and manage their Unified Communication (UC) and Contact Center (CC) services with ease and entire provisioning can be completed in seconds using this comprehensive tool supporting digital transformation. The latest release 7.0 of UniCloud™ is a multi-tenant platform that transforms the delivery, management, and integration of collaboration and contact center solutions, for both Cloud and On-Premise deployment models. With its single-pane-of-glass views and quick provisioning tool, UniCloud™ is instrumental in reducing the time to provision an entire multi-cluster Cisco collaboration platform, including contact centers (CCX, UCCE, and PCCE), communications managers (CUCM), voicemail (Unity Connection) and IM & Presence by up to 85% which leads to the faster onboarding process for a new customer. A Self-Care portal within UniCloud™ is effectively managing services specific automation of MACDs (moves, adds, changes and deletes) allowing end-users to perform Day-2 related tasks of their own while reducing the basic operations workload of support teams. Consilium UniCloud™ enables enterprises and service providers to manage and automate the delivery of Cisco-based Unified Communications as a service (UCaaS) and Contact Center as a service (CCaaS) offerings using single, centralized management and easy-to-use administration interface, with role-based access providing granular control over permissions, limiting potentially unauthorized or inadvertent transactions. With its unified portal for UC and contact center provisioning, multi-tenancy and single-pane-of-glass views and tools, UniCloud™ introduces turn-key efficiency in onboarding new customers, provisioning of users, agents, teams, skill groups, and devices, or their migration from non-Cisco platforms to Cisco, and also provides centralized management and monitoring.

6.)	eGain Corporation eGain Solve Proven, Easy, and Guided Journey to Automate Customer Engagement in a Digital+AI World

7.)	Emmersion Automated Language Testing Emmersion offers automated assessments to quickly and accurately test speaking, writing, and grammar fluency in 9 languages and counting. We help contact centers improve CSAT scores by screening for top talent and retaining top performers.

8.)

OpsTel Services SPEED & PLUS The SPEED solution solves for service level issues while cost optimizing the environment with automation. Provides an enhanced way to speed up & optimize invoking temporary agent skills configuration changes into the contact center environment. Speed allows you to schedule both future changes & temporary changes that auto-revert back to the original state when scheduled time expires. Speed features: *Automated / Scheduled Temporary Agent Skills Configuration Management *Immediate Temporary or Reoccurring Schedule Skills Configuration Changes *Easy to Use/Operations Administration Focused *Descriptive Monitoring Activity Dashboard *Detailed “End to End’ Audit Trail and Perfor... (read more)The SPEED solution solves for service level issues while cost optimizing the environment with automation. Provides an enhanced way to speed up & optimize invoking temporary agent skills configuration changes into the contact center environment. Speed allows you to schedule both future changes & temporary changes that auto-revert back to the original state when scheduled time expires. Speed features: *Automated / Scheduled Temporary Agent Skills Configuration Management *Immediate Temporary or Reoccurring Schedule Skills Configuration Changes *Easy to Use/Operations Administration Focused *Descriptive Monitoring Activity Dashboard *Detailed “End to End’ Audit Trail and Performance Monitoring & PLUS provides a single interface, where operations teams no longer have to rely on HR, IT or any other organization to administer agent profile data across multiple technologies in the contact center. The PLUS solution allows for simplified provisioning & maintenance of agent profile data reducing processing time from days, weeks or months in LESS THAN 10 MINUTES! The PLUS features: *Agent Provisioning Cycle Time Reduced from Days/Weeks to 10 Minutes or Less *Fully Automated Agent Onboarding / Updating / Maintaining / and Offboarding of Agent Profiles (Identity, Access, Utilization) *Overlays and Enhances Existing Contact Center Solution Set *Enables Operations Staff to Maintain all Aspects of Managing an Agent’s Profile through “Single Pane of Glass” *Supports Multi-Faceted Agent Profile Attribute Configuration Requirements; e.g. Union Rules, Seniority Dates, Etc. *Detailed Agent Profile Audit Trails

 

View more from The Connection

Recent Blog Posts:

Healthcare Call Center Best Practices: Work with a Qualified Call Center	March 12, 2020
Interpreting a Call Center Metrics Dashboard with The Connection®	February 13, 2020
Benefits of Outsourcing Your Appointment Setting Services	January 30, 2020
Customer Service Trends to Look Out for in 2020	January 16, 2020
Causes of Inaccurate Call Center Workforce Forecasting & How To Avoid Them	November 21, 2019
Call Center Staffing: Best Practices for an Outstanding Team	October 31, 2019
It's All in the Numbers: Your Ultimate Guide to Call Center Metrics	October 17, 2019
Customer Satisfaction Metrics: What You Should Know About CSAT and NPS	May 30, 2019
How to Identify the Best Customer Service Assessment Test for Your Call Center	March 28, 2019
Call Center Training Tips for Managing New Hires	March 7, 2019