Contact Center and Customer Experience Data Security
Security and privacy of customer data is extremely important and is an essential element of our client relationship.
The MiContact Center platform enables Norcom to construct and implement a security strategy with controls at multiple levels of data storage, access, and transfer. The MiContact Center compliance measures and achievements adhere to a broad range of laws and regulations governing electronic information security. Enterprises and businesses worldwide have been able to achieve heightened security and high availability.
Here are some of the laws and regulations that we are able to implement and adhere to for your business:
PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI)
What is PCI-DSS?
PCI is a certification required by Visa, MasterCard and other major credit card processors for ensuring data security and privacy. PCI certification protects a company from liability if credit card data is stolen or compromised. For more information, visit: https://www.pcisecuritystandards.org/.
Who is required to adhere to PCI-DSS?
Any company (merchant or service provider) that stores, transmits, records, or acts as a gateway for credit card information is required to become PCI-DSS compliant.
How does Mitel comply with PCI-DSS?
Mitel is fully compliant with the 12 Security Domains of PCI-DSS as a Level-1 service provider. Compliance is audited and certified yearly by an independent third-party Qualified Security Assessor.
What parts of Mitel’s services are in compliance?
The following components have been certified for use with PCI-DSS related data:
Mitel telephony components.
IVR system, including the “Secure Exchange” feature.
Call recording and playback system.
Mitel Scripting system (e.g., credit card collection screens).
Mitel real-time fulfillment.
Mitel batch fulfillment.
Mitel’s data centers located in the United States, Australia and Europe.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA)
What is HIPAA?
Enacted in 1996, HIPAA regulations require companies to adopt policies and procedures to protect the privacy and security of Protected Health Information (PHI). Covered Entities, as defined in the regulations, which include health insurers and billing processors, must fulfill the requirements defined under HIPAA’s privacy and security rules. These rules define administrative, physical and technical safeguards for PHI. For more information, visit: http://www.hhs.gov/ocr/privacy/hipaa/.
Who is required to adhere to HIPAA?
The Privacy Rule applies to health plans, healthcare clearing houses, and any health care provider who electronically transmits health information in connection with certain transactions, which include claims, benefit eligibility inquiries, referral authorization requests, or other transactions for which the U.S. Department of Health and Human Services has established standards under the HIPAA Transactions Rule.
How does Mitel comply with HIPAA?
Mitel security procedures and controls meet customer HIPAA compliance requirements.
What parts of Mitel’s services are in compliance with the HIPAA requirements?
Mitel is in compliance with HIPAA requirements in accordance with the following security features:
Call recording encryption.
Strict access controls.
Auditing & reporting systems.
Configurable data sensitivity levels on collected data:
Confidential: Normal access control.
Highly confidential: Restricted access.
Highly confidential - FMG: Encrypted, no user access.
What is Safe Harbor?
The U.S. Department of Commerce, in concert with the European Commission, developed the “Safe Harbor Framework” to allow U.S. organizations to comply with the directive by agreeing to abide by the Safe Harbor Privacy Principles. Companies certify their compliance with these Principles on the U.S. Department of Commerce website. The Framework, approved by the EU in 2000, gives companies assurance that the EU will consider their practices “adequate” for data transfers between the U.S. and both the EU and Switzerland. For more information,
How does Mitel comply with Safe Harbor?
Mitel complies with the U.S.-E.U. Safe Harbor framework and the U.S.-Swiss Safe Harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries and Switzerland. Mitel has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.