Like many people, over the course of the past year my daily work routine has shifted from physically meeting and engaging with customers to having countless remote sessions instead.

The sheer volume of these online meetings has brought it sharply into focus how today’s companies are now much more exposed to potential compliance and regulation issues than ever before. This firmly underlines the vital importance of choosing the best compliance recording solution to stay on the right side of the law. But what exactly should you be looking out for?

The following questions are a great place to start:

1


Are my connections and media files secure?

When looking into compliance recording offerings, organizations must make sure the chosen solution will be able to:

  • Secure the traffic running from the solutions’ web client to its servers and back.
  • Offer authenticated access to its server.
  • Store and encrypt both in transit and resting media files generated from the recording.
  • Enable compliance-based permissions to restrict access to media files as per regulatory requirements.

2


Is my cloud data stored correctly?

As cloud-based applications gained popularity over the last decade, organizations using either their own or third-party cloud subscriptions must choose a compliance recording solution that supports cloud data security while meeting all compliance and regulatory requirements. Make sure that you look for solutions offering:

  • Data security at rest – Inactive data such as call records and media should be stored and encrypted using application-level encryption, as well as on disks or with storage encryption.
  • Data security in transit – Data flowing through the communications network between the various system elements should be encrypted using secure protocols such as HTTPS and SRTP.



Application Note
SmartTAP 360°
Enterprise interactions recording for total compliance, security and peace of mind


Download Now ➥


 

3


Do my customers control their data accessibility?

One of the many compliance laws that organizations must adhere to is the GDPR. Companies operating in Europe, or those who are working with European customers and suppliers, must make sure their compliance recording solution meets the following requirements:

  • Secured and encrypted access to administrators who wish to give individuals a copy of their personal data.
  • Upon request, administrators should be able to create, delete and edit users’ personal information and can rectify mistakes in personal information.
  • Enable administrators to immediately erase personal information by deleting call recordings.
  • Call recordings should be stored for a specific time range as per the defined retention policies, with automatic deletion once the defines time elapses.

4


Can I protect sensitive data?

Whether your company or organization handle healthcare information, or payment processes, when choosing compliance recording solution, make sure it offers:

  • Role-based access control with appropriate permissions to access the call recordings and stored information.
  • Encryption of all recordings and a digital signature to prevent alteration when exporting data.
  • Stop/resume features for when credit card data is given by a caller.
  • Easy retrieval of recordings and data through search, find, play and export functionalities.

5


Does it promote market transparency?

In today’s interconnected world, honesty and transparency are the gold standard – both for employees and customers choosing their brands. These are not just relevant for the organization’s reputation but are also often required by compliance laws. The right compliance recording solution can help you promote such transparency via:

  • Recording and documenting all internal and external calls and conferences, including voice, video and IM interactions.
  • Integrations with announcement servers like Microsoft Teams and Skype for Business.
  • Storage of call recording and data during mandatory retention periods, with ability to export the data.
  • Tagging of unambiguous metadata, manual metadata enrichment and automated API-based metadata enrichment with back-office data.