Contact Center On-Demand Platform and Technology Security and Compliance  Services  FAQs

Security and Compliance

Why Security Matters

Echopass understands that your customers are your lifeblood. They depend on you to maintain their privacy and security, and those duties pass through to your contact center services provider.

Echopass is fully SAS70 certified, with documented and validated advanced measures to ensure the security in our facilities and security of our customers. Our extensive security measures include:

Data security is delivered through stringent authentication requirements, secure database partitioning, Cisco firewalls, multi-level anti-virus protection, intrusion detection systems, and 24 x 365 monitoring by network engineers. Physical security controlled by 24/7 card-key access, security system logging, security personnel, and regular audits of access lists. Additional security measures include:

• Physical Security
  • Controlled facilities access
  • All business critical systems are housed in a secure datacenter
  • The datacenter maintains a low security profile
  • Unauthorized personnel must be escorted if entering the datacenter
  • Documented physical security policies and procedures
• Logical Security
  • IT security manager is responsible for oversight
  • Processes kept current with trends in security
  • Established and approved account administration
  • Data and system access procedures
  • Logging logical security activities related to data access and data security
  • Data categories ensure all data is classified in terms of sensitivity
  • Data is exchanged only over a trusted path
  • Firewalls and/or router access control lists (ACLs)
  • Authentication protects against unauthorized access
  • Firewall traffic is logged
  • Communication processes ensure timely notification of anomalies
  • Network and platform security, including authentication and data encryption
  • Application security on agent’s desktop, on the datacenters’ servers, and in application integrations
  • Service continuity infrastructure and disaster prevention (instead of disaster recovery) practices to seamlessly shift operations to an alternate datacenter if needed

SAS70, HIPAA, PCI

With Echopass, you can rest assured that we meet, and often exceed the most stringent industry compliance practices, including:

• SAS70-certified security—ensures your contact center assets are always protected through via Echopass SAS70-certified security (both physical and logical), robust process management and datacenter policies.
• HIPAA compliance—ensures your customers' health information and identity is protected and secure at all times.
• PCI compliance for credit card payments—ensures your customers’ sensitive card holder data and identity is protected and secure at all times.

"For AEIS, Echopass was able to pass a mandatory 400-page corporate security audit. Echopass successfully passed the rigorous audit on the first attempt—to date, the only vendor to do so. Without this, the move to a hosted solution would have been a 'no go'."
Regina Greer
Director of Client and Cardholder Services
American Express Incentive Services