Skip to main content

ELASTICCX DRAAS

Change Management 

Changes are documented within our PSA system, and will include information such as impact assessment, roll back plans and detail of the change. These are peer reviewed and approved by those with the relevant system knowledge. Changes to platforms are posted on our status page (i.e. upgrades and fixes). 

Data Storage & Backups  

Details of third parties associated with the service can be found here  

Backups are inherent to the EXC UC Cloud Service, they provide flexible, scalable and predictable protection. 

Vulnerability & Patch Management 

The external surface is scanned monthly, we use continual host-based scanning for internal vulnerabilities. Critical vulnerabilities to the ECX CX DRaaS environment, IPI will endeavour to patch or mitigate affected systems within 7 working days.  

Data Deletion and Destruction 

Data is deleted according to contractual agreements as stated in customer T&Cs. 

Pen Tests 

CHECK accredited penetration tests are performed annually. Findings are reviewed, tracked, and addressed according to risk. 

Architecture controls 

Separation controls  

All resources are shared as part of a multitenant environment with logical application separation.
Data is encrypted at rest. some data is even encrypted inside the database, like passwords, which means that no one at IPI can access it, even administrators with full permissions. 

Firewalls  

All public facing services of Elastic CX DRaaS utilise access control lists and web proxies, policy and rules are regularly reviewed. 

Connection between client and cloud  

The client to cloud connection is TLS 1.2 encrypted.  

Connection between cloud and third parties  

The connection between cloud and third parties will be conducted using secure methods (e.g. TLS 1.2, HTTPS, SFTP). 

Encryption  

Encryption is used in transit uses TLS 1.2 + and encryption at rest is AES256.  

Logging & Monitoring  

Monitoring – Elastic CX DRaaS Platform performance, resource health and service status is proactively monitored with automatic alerting by NOC operation centre. 

Logging – Elastic CX DRaaS logs all changes within the contact centre are registered in the change log. ECX CX DRaaS Platform services are continually logged and are kept for IPI support purposes.   

Access Control  

Customers own identity providers are supported allowing flexible options for setting up MFA and SSO.  

IPI will use individual user accounts to access the platform. Strong passwords, MFA, session sign outs are enforced. IPI promptly disables accounts upon employee termination. User access rights are reviewed monthly.  

Business Continuity

The Elastic CX DRaaS product is resilient by design using highly available, geo diverse architecture. 

 

 

Page last updated on February 14th, 2024