Features of Our Service

Client Data Security

We value and treat your data like our own, and have numerous safeguards to protect it.

The call center door is always locked, and only selected employees have keys. Anyone else must be “buzzed in” by a receptionist who briefly unlocks the door.
We have several dozen security cameras around the call center building, including parking lot, private offices, and the server room, which can be monitored from a building control center and over the Internet.
The server room stays locked with a keypad whose code is known only to authorized personnel.

All CSR’s are located at our facility (we do not use remote CSR’s) so no customer information is outside our control.
To decrease the risk of a caller’s information falling into the wrong hands, operators are unable to play back recorded calls and they are not allowed to have pen, pencil, or paper at their stations. Nor are cell phones allowed in the call center for anyone to potentially transmit sensitive information to a third party.
Operators’ access to the Internet is limited to only specified sites.
Each workstation is locked down so that operators can open only programs necessary for taking calls; they are unable to browse the network.
Each operator and supervisor has a unique user name and password for logging on to the telephone system.
User logins (with information about which PC they are using), as well as other significant system events, are logged on the network servers.
The properties of a call — for example, call time, duration, operator who answered, operator's station number, any subsequent supervisors or operators to whom the call may have been patched, caller’s number, and so on — can be easily retrieved, as well as a recording of the call.

We store each client’s user data in a separate database.
Even after changing the database “master” password, we don’t access the database under it. Instead we use the passwords allocated to various people, with their own set of permissions.
Database access is denied by default, and only allowed when we give permissions.
When it’s necessary to send sensitive data across public networks such as the Internet, we encrypt it.
We only store the user data which is needed for the business purpose, for as long as the client requests, or it is needed for historical checking.
User data is not copied to laptops.
Any printed user data is shredded when no longer needed.

New client/caller transaction data in the databases are backed up every 30 minutes to a separate server, with a full backup every night.
New data on the servers (outside the client/caller databases) is backed up at least nightly. Depending on how critical and time-sensitive the data, and how often it changes, full server backups are done either nightly or weekly.
Backups are rotated to secure off-site storage but not transported or handled by third parties.

Our firewall sits between our internal network and the Internet. Any packets from incoming connections are “dropped on the floor” unless there is a specific rule to allow them. The ability to add or modify firewall rules is restricted to network administrators.

We have anti-virus protection at two levels: on our mail server and on each workstation.
Our mail server checks for new anti-virus definitions every four hours and scans all incoming and outgoing messages and attachments.
Each workstation has anti-virus software installed and updates its definitions once a day before a full system scan runs.

In our network and database, we don’t use the vendor-default passwords. We have various usernames and passwords for different levels of security, and only a small number of people have the highest level permissions. Those passwords are also designed to be “stronger;” i.e., harder to guess or crack.
To inhibit repeated password guessing, a number of systems impose a delay after entering an incorrect password, before allowing another login try.
We regularly apply security updates and patches to our servers and workstations.
We have unnecessary functions disabled on our servers.