IVR Compliance Issues

4 IVR Compliance Issues to Consider When Shopping Around

When seeking new IVR vendors for your contact center, there are, of course, many priorities to juggle. What option has the best price? Is the solution scalable? Is the platform kept up to date with advancing technologies?

Whatever your top priorities may be, compliance needs to be on your mind when shopping for an IVR solution. Without a platform that meets the security standards relevant to your industry, you could end up in a potentially costly situation down the road. Fortunately, many of the characteristics of a standards-compliant IVR also make it a safe, scalable, future-ready choice.

Below, we’ll cover 4 things you should be thinking about when it comes to finding a standards-compliant IVR.

1- In Scope vs. Descoped

When looking at any given security standard, whether it’s HIPAA, PCI DSS, Cyber Essentials, or something else, you need to consider what elements of your contact center are in scope, and therefore need to maintain compliance. For example, when looking at PCI compliance, any person, system, or piece of hardware that has access to a customer’s payment information is considered “in scope” for PCI DSS.

Descoping is one simple way to achieve compliance for a number of security standards. Using PCI as an example once again, if you have your IVR set up so that your agents do not hear or see payment details, and those details never enter the agent desktop systems, then your contact center is out of scope, and your agents and systems do not need to be trained or updated to meet PCI requirements. The descoped IVR solution, using tools such as Plum SecureAssistant, is doing all the heavy lifting for you.

2- People, Hardware, & Software

As alluded to above, achieving standards compliance (no matter what that standard is) typically involves thinking not only about your software, but also about your people and your hardware.

Any employees who handle sensitive data will likely need to be trained to properly handle it. Any physical hardware that comes into contact with secure data will need to be kept secure as well. And it typically isn’t only about the rack servers and other hardware you use, but how they’re physically secured, whether they have appropriate redundancy, and who has access to them.

When it comes to software compliance, you need to ensure that your systems store, encrypt, and decrypt data according to guidelines and provide audit controls, among potential other items. That is, of course, if your software is within scope. When shopping for new IVR solutions, make sure to find out how each option handles sensitive data, and whether you will potentially be responsible for getting your agents trained and your hardware systems upgraded.

3- Keeping Up to Date with Evolving Standards

As technologies evolve and criminals find new ways to exploit these technologies, data security standards have to evolve as well. This means it’s necessary to audit your contact center on a regular basis to ensure everything is still meeting the current standards and not exposing your staff or customers to any data leaks.

When looking into your many options for IVR, be sure to ask questions about how each option keeps up to date with improvements and changes within security standards. How often does their software get updated? How long have they been providing a compliant platform? Do they have an incident response team should a major issue occur?

4- Industry Specific Compliance Issues

Depending on your industry and what specific data your contact center handles, you may also be subject to other laws or standards. For example, if you deal with healthcare or insurance, you’ll need to ensure your systems and people are HIPAA-compliant. If you’re in finance, the Gramm-Leach-Bliley Act (GLBA) will apply to your business.

It’s important to look into what standards apply to your industry and ensure that your IVR provider is compliant before making a final decision.

Making the Right Choice

With all these items in mind, you can continue your IVR search knowing that you’ll be able to find a provider that meets all your compliance needs. To learn more about Plum Voice’s standards-compliant IVR platform, get in touch with an expert today.