Comm100 Data Security – How Comm100 Keeps You and Your Customers Safe

The relationship between customers and businesses is built around trust. Unfortunately, many organizations are falling short and an incredible 99% of customers now believe that companies need to improve their trustworthiness. 

To gain back the confidence of customers, organizations must demonstrate responsibility for customer data, beginning with their customer interactions. Building confidence in security and privacy takes time, but organizations are seeing the benefit to their bottom line. One study found that 63% of North Americans would rather purchase from organizations that protect their privacy. 

To meet the needs of secure customer support, Comm100 is leading the way with leading security compliances, a variety of hosting options, and a complete package of security features. In this article, we’ll look at how Comm100 adheres to the highest security standards that meet the needs of even the most regulated industries. 

1. Data security compliances 

Security compliances are more than just numbers and acronyms. They demonstrate a commitment to continuous improvement in the protection of private data. Compliances also show care for the customer who is entrusting their information. 

Maintaining industry-leading security also requires audits by third parties to certify the protocols and procedures that have been put in place. In this section, we’ll look at the compliances that Comm100 adheres to that demonstrate its commitment to keeping customer data safe. 

SOC 2 Type II 

System and Organization Controls (SOC) is a series of certifications produced during an annual external auditing process. SOC 2 Type II compliance demonstrates the internal controls over information systems of the audited organization, including documentation and control framework. These reports look for organizational control of five trust principles that include: 

• Security
• Availability
• Confidentiality
• Processing integrity
• Privacy

The SOC 2 Type II report looks at a system over time, meaning that it has been continuously audited and certified for a period of at least six consecutive months. 

ISO 27001 

ISO 27001 is an independent assessment of data security compliance that is recognized worldwide. This standard requires the establishment of an information security management system (ISMS) to ensure the security of information assets. Comm100’s ISMS is designed to identify potential security risks, outline mitigation methods, and implement risk management protocols. To receive the ISO 27001 certification, Comm100 underwent external auditing from an accredited certification body. 

PCI DSS 

PCI DSS, or the Payment Card Industry Data Security Standard, is a compliance designed for organizations handling credit card payment processing. As the name suggests, PCI DSS came out of the Payment Card Industry, and both MasterCard and Visa require organizations handling payments to be PCI DSS certified. 

HIPAA 

The Health Insurance Portability and Accountability Act certification (HIPAA) comes out of the US Department of Health and Human Services. This standard is designed to ensure that personal privacy is protected in the health industry. HIPAA stipulates how private information must remain secure and private and requires a third-party audit for organizational certification. 

GDPR 

General Data Protection Regulation (GDPR) is a legal framework created by the European Union to guide how personal information is collected and processed. The law gives European citizens the right to request, access, and delete their personal data stored by organizations. By being GDPR compliant, Comm100 provides customers with improved data management, security, and transparency. 

PIPEDA 

PIPEDA (Personal Information Protection and Electronic Documents Act) is Canadian federal law that regulates how businesses collect, use, and disclose personal information. Comm100’s PIPEDA compliance means that customers can be assured their data follows strict processing standards, and that data is only used for the purpose for which it was collected. 

2. Hosting 

Depending on industry or jurisdiction, how information is hosted can have major impacts on organizations and their customers. For this reason, Comm100 offers multiple hosting options that each have their own benefits. 

Cloud Hosted 

Cloud hosted software lives on a remote server owned by a third party. Choosing this hosting option means that data resides on a cloud server that is hosted and maintained by Comm100. The benefit of cloud hosting is easier setup for fast deployments, and instant access to product upgrades. 

Self-Hosted 

For organizations that need to meet strict security and privacy compliance standards, self-hosting is available. Self-hosting, also know as on-premise hosting, means that all the software and data is stored on your own server, in your location of choice. Maintenance is completed by your own IT team, and upgrading is completed on their schedule. The benefit here is in having complete data control, and potential maintenance savings over time that can eventually offset the increased upfront costs. 

Read more about the benefits of self-hosted live chat: When the Cloud Won’t Cut It: Deploying Self-hosted Live Chat Software 

3. Security best practices 

Any information system is only as secure as it’s human elements, which is why software needs to support a variety of features that enforce best practices and compliance. In this section, we’ll look at the features that Comm100 supports to maintain security best practices. 

LDAP Authentication  

LDAP (Lightweight Directory Access Protocol) Authentication is a protocol used for directory services authentication. LDAP Authentication verifies that the credentials entered by a user match the credentials stored in a central database. 

Visitor SSO 

Visitor SSO, or Single Sign-On, allows for synchronizing customer information with a Comm100 Live Chat login. Visitor SSO allows organizations to receive customer account details without having them complete a pre-chat survey or asking for the information later.  

IP Restriction  

IP restriction can limit system access to designated IP addresses. For organizations, this provides the ability to restrict backend access to known support agents by granting access only to confirmed secure addresses. 

Password Policies  

Comm100 password policy includes features like HTTPS authentication, encryption, and complexity standards that do not allow users to set common phrases and words as passwords. 

CAPTCHA Verification  

If a password attempt fails, CAPTCHA Verification allows organizations to prevent repeated access attempts by bad actors. 

Audit Logging 

Comm100 supports audit logging which tracks all agent activities. This allows management to be accountable for all actions performed within an application. 

Wrap Up 

Organizations looking to bring security to their customer service need a provider that cares just as much about data protection as they do. To learn more about Comm100’s commitment to data security and privacy, contact Comm100 today for a personalized demo.