Call recording compliance

Our compliance statement

Call Recording compliance

Touch Call Recording Service is maintained as part of an ISO27001 certified information system. It is located on two geographical sites with one production site and one disaster recovery site. Data is mirrored across multiple sites, with near-instant access to recordings through an intuitive interface.

Encryption

A two-stage encryption process, designed according to ETSI TR 102 661, is applied to data storage.

Stage One: A new, random secret key is generated for each data file. The cryptographic algorithm used for the symmetric encryption is AES.

Stage Two: The secret key is encrypted with an RSA asymmetric encryption algorithm. The encrypted secret key is then stored in the database together with a reference to the encrypted data file.

Database integrity and database audit

The database solution assures the integrity of stored data and provides full traceability for database operations. A web user must acquire a login to the web interface and may interact with the database only via:

  • The web interface
  • The use of stored procedures containing predefined SQL statements

The actual query (type of query and search parameters) will be logged in the database together with the specific session ID that refers to an individual web user’s account.

Database audit capabilities will be enabled for all database operations performed by the database administrator.

Data transfer

Recorded calls are transferred from Touch Call Recorder to the recording facility using VPN, SFTP and HTTPS. All customer interaction with the recording service web interface is secured via HTTPS. A two-stage process ensures secure login.

General Data Protection Regulation (GDPR)

Touch Call Recording Service supports the General Data Protection Regulation (GDPR) and UK Data Protection Act 1998. GDPR comes into effect on 25th May 2018 and replaces the current Data Protection Directive 95/46/EC.

GDPR was designed to harmonise data privacy laws across Europe and give EU citizens more control over their personal data. It will reshape the way organisations across the region approach data privacy, by insisting on greater transparency in the way in which organisations process data.

We also track other current and future legislation to ensure that we continue to enhance our service to support new regulations.

The ‘Access-right user’ (described below) is an example of functionality developed to comply with the new data act. The purpose of Personal Data Acts is to protect persons from violation of their right to privacy through the processing of personal data.

The Acts help to ensure that personal data are processed in accordance with fundamental respect for the right to privacy. This includes the need to protect personal integrity and an individual’s private life, and also to ensure that personal data are of adequate quality to meet legislative requirements.

We have created a streaming solution to help our customers fulfil their legal obligations without actually giving end-customers permanent access to the data files. Creating an Access-right user in the system enables temporary access, when it may be required.

The Access-right user is typically a customer who has requested access to his or her recordings. The Company Administrator grants temporary access to selected recordings. When the recordings are made available, an SMS is sent to the Access-right user, who can then access the recordings via a web interface. All use is logged.

FCA

The solution complies with FCA regulations.
