Delivering and showcasing a fully compliant CCaaS solution has never been more important.
With businesses and customers more aware of the dangers associated with having their personal and private information accessed without their consent, compliance expectations have risen drastically.
While GDPR and HIPAA are long-standing, non-negotiable legal regulations, PCI, SOC, and ISO are also often expected as standard – which can make trying to keep up feel a little bit like death by a thousand acronyms.
It might not get the fanfare of some of the more exuberant AI-powered tools and features on the market, but a platform that offers seamless, transparent compliance can be a powerful way to enhance a company’s CX offerings.
In a recent discussion with CX Today, Jennifer Sutcliffe, Vice President of Operations and Control at ComputerTalk, shared some insights into how the company keeps up to date with all the latest regulations and compliance requirements.
ComputerTalk’s approach can be broken down into three key areas:
Infrastructure
Security measures such as encryption and role-based access controls form the foundation of ComputerTalk’s infrastructure.
Software
ice – ComputerTalk’s CCaaS platform – is built to support data compliance through automated data retention and expiration features.
Access is governed by role-based permissions, ensuring that agents, supervisors, and administrators have different levels of access based on their responsibilities.
Client End-User Controls
Clients are provided with tools and recommendations to enhance internal security protocols.
This includes agent training to prevent phishing attacks, hiring practices that incorporate security clearance requirements, and enforcement of strong password policies.
Inbuilt Compliance Features with ice
The ice platform is designed with compliance in mind.
As well as the features discussed above, ice offers single sign-on and role-based access.
Sutcliffe also detailed how data retention controls help the company effectively and securely handle customer data, explaining that “some industries may require data retention for years, others for months or not at all.
“ComputerTalk configures data storage timelines accordingly. Once the specified period ends, a secure delete function within ice ensures that data is permanently removed.
“Importantly, the data always belongs to the client, not ComputerTalk, and we do not use it for any other purpose.”
In addition, ice users have access to icePay, a PCI-compliant payment processing solution designed to enable secure credit card transactions within contact centers without storing sensitive cardholder data.
“It routes calls outside the IVR for secure payment processing, so we don’t store or record any DTMF tones or sensitive payment data,” Sutcliffe explained.
Despite the array of compliance-focused features and tools, ComputerTalk isn’t resting on its laurels.
Sutcliffe revealed plans to release a redaction tool in the near future.
The solution will leverage AI to automatically redact sensitive information, such as credit card numbers, from real-time or post-call transcripts.
For example, instead of displaying a 16-digit card number, it will show: “XXXX XXXX XXXX 1234”
Clients will also be able to set custom redactions, such as identifying when a password is said during a call and ensuring that it is not stored in the transcript.
But just having a suite of compliance-oriented capabilities isn’t enough; Sutcliffe also discussed the need to prove to organizations that the company and its solutions will actually deliver.
“I can tell you this: many clients now won’t sign a contract without seeing detailed security clauses,” she said.
For Sutcliffe, that willingness to put things in writing gives organizations confidence and helps them to deliver a superior level of CX.
“We don’t just say ‘check the box’ and move on. If a certification requires annual penetration testing, we’ll write that into the contract: ‘We will do annual penetration testing.’ That level of clarity matters.”
Common Compliance Pitfalls
In a complicated process involving multiple certifications and compliance requirements, it is easy to commit time and resources to the wrong areas, particularly for newer businesses.
To avoid some of these common compliance pitfalls, Sutcliffe has the following advice:
Don’t Start from Scratch
When pursuing ISO certification, ComputerTalk found that the most effective approach was to build on existing processes, rather than creating procedures from the ground up.
The vendor found that adapting current workflows to meet compliance requirements was more natural and sustainable for the organization.
Don’t Overdo the Documentation
Clear, concise guidance is often more effective than excessive paperwork.
In practice, straightforward instructions like “do A, B, C” help teams follow protocols consistently without getting lost in unnecessary detail.
Do Scorecard Your Security Program
ComputerTalk uses key performance indicators (KPIs) to measure the effectiveness of its security strategy.
These include metrics such as the frequency of attempted breaches, staff training completion rates, and the speed of data restoration from backups – allowing the team to identify risks early and maintain a proactive security posture.