Change Management
Changes are documented within our PSA system, and will include information such as impact assessment, roll back plans and detail of the change. These are peer reviewed and approved by those with the relevant system knowledge. Changes to platforms are posted on our status page (i.e. upgrades and fixes).
Data Storage & Backups
Details of third parties associated with the service can be found here
Backups are inherent to the EXC UC Cloud Service, they provide flexible, scalable and predictable protection.
Vulnerability & Patch Management
The external surface is scanned monthly, we use continual host-based scanning for internal vulnerabilities. Critical vulnerabilities to the ECX CX CCaaS environment, IPI will endeavour to patch or mitigate affected systems within 7 working days.
Data Deletion and Destruction
Data is deleted according to contractual agreements as stated in T&Cs.
Retention requirements are set by the Customers. The customer can delete, redact, or pseudo-anonymise PII.
Pen Tests
CHECK accredited pen tests are performed annually. Findings are reviewed, tracked and addressed according to risk.
Architecture controls
Separation controls
All resources are shared as part of a multitenant environment with logical application separation.
Data is encrypted at rest, some data is even encrypted inside the database, like passwords, which means that no one at IPI can access it, even administrators with full permissions.
Firewalls
All public facing services of Elastic CX CCaaS utilise access control lists and web proxies, policy and rules are regularly reviewed.
Connection between client and cloud
The client to cloud connection is TLS 1.2 + encrypted.
Connection between cloud and third parties
The connection between cloud and third parties will be conducted using secure methods (e.g. TLS 1.2, HTTPS, SFTP).
Encryption
Encryption is used in transit uses TLS 1.2 + and encryption at rest is AES256.
Logging & Monitoring – What logging and monitoring is in place? How long are records held? What logging and monitoring is available to customers?
Monitoring
Elastic CX CcaaS Platform performance, resource health and service status is proactively monitored with automatic alerting by NOC operation centre.
Logging
Elastic CX CCaaS logs all changes within the contact centre are registered in the change log. Elastic CX CCaaS Platform services are continually logged and are kept for IPI support purposes.
Access Control
Customers own identity providers are supported allowing flexible options for setting up MFA and SSO.
IPI will use individual user accounts to access the platform. Strong passwords, MFA, session sign outs are enforced. IPI promptly disables accounts upon employee termination. User access rights are reviewed monthly.
Business Continuity
The Elastic CX CCaaS product is resilient by design using highly available, geo diverse architecture.
Page last updated on February 14th, 2024