At CallFasst we protect what is most important to our customers
Being technology-dependent, contact center industry evolves very fast. Therefore, our company must be alert and constantly updated in order to not be left out of the business. One of the fundamental issues in which we must stay at the forefront is security. Pandemic was a clear example: campaigns for health services that involved the protection of certain data had to be implemented as a matter of urgency. On the other hand, emerging actions such as home office and classes from home caused Internet connectivity to grow impressively. The simple fact of connecting to the Internet is already a risk, which leads us to look for companies and providers that give us the confidence that, when we hand over our banking or any other kind of data, they will only be used for what we request.
How important is it for you to share your personal data?
If you share your information with a company, can you be sure that they will take care of it as you would? The exponential growth of Internet use, accelerated by the pandemic, has also increased the theft of information and personal data not only from individuals but also from companies that have the commitment to protect them.
It is precisely under this scenario —where the theft of information is more damaging than the theft of real estate— that contact centers have to be more committed than ever to the protection of our customers’ user data. For this reason, Eduardo Romero Jorge, Director of Auditing and Information Security, shares with us what CallFasst does in terms of security.
Certifying ourselves to meet the highest standards
It was since 2016 that our efforts in data protection certification began. At that time, there were no clients asking us to do so, it was more out of conviction to offer distinctive services that would provide trust and exceed the expectations of new and existing business partners. The following year, we obtained ISO 27001 certification in information security, and we were recertified a few months ago.
Since then, we have the infrastructure that allows us to be one of the few contact centers that have all the controls required by ISO 27001 activated; all are evaluated in a timely manner and we have evidence of everything to demonstrate compliance to the certifying company, in this case NYCE Sistemas de Gestión.
The 27001 standard requires, among other things, a series of controls:
Human Resources: awareness and evaluation of their competencies in information security, as well as their background to verify that they have not been involved in bad practices related to the safeguarding of data.
Infrastructure: There is always constant maintenance and the equipment has the latest software and antivirus updates with the best technology. Likewise, to guarantee that, in the event of any critical situation such as the loss of electric power or a flood, we have a plan that allows us to reactivate our business in the short term in order to be able to carry out the services for which we were contracted. To achieve this, we make redundancies in our contact centers, having more than two carriers or telephone and internet companies to continue operating, keeping our facilities interconnected to be able to operate any of our campaigns in any of our centers. In fact, several of these controls were put to the test with the arrival of COVID-19, when more than 50% of the staff had to move to work from home. The result came as expected: we continued to operate securely with the support of CallFasst’s infrastructure, technology, telecommunications, database, development and other areas.
Regulatory: As part of the contact center industry, we have to comply with both the regulations we have directly with the authorities and those of our customers. Some examples are: the Federal Law for the Protection of Personal Data in Possession of Individuals, the Public Registry of Users (REUS), Public Registry to Avoid Advertising (REPEP), as well as everything related to the Federal Law for the Protection of Industrial Property, as well as other industry regulations.
Suppliers: We mainly work with telephone and internet companies, who contractually have confidentiality agreements, as well as availability requirements where they commit to provide a continuous service. We also have balancing tools that detect if there are losses or drops in service. In case this happens, we immediately and automatically switch from one provider to another without the need for this task to be done manually. Finally, each and every one of our suppliers is evaluated by both the purchasing and IT areas, depending on the service they offer.
What kind of tests do we carry out?
To examine our security mechanisms, on the one hand, we test our internal facilities as well as those operated by third parties, who must detect if there are vulnerabilities in our network and infrastructure. If there are, we draw up internal plans to remediate these potential risks and thus continue to guarantee the best possible service to our customers. We also implemented the development of our CGIS+NET infrastructure, which is the lifeblood of our operation and for that reason has constantly undergone evaluations and upgrades incorporating SSL certificates so that the tool meets the highest standards of information security.
Internal audits have been evaluated positively with respect to its performance and this is reflected in the audits performed by our customers and third parties, since we have had no penalties or incidents due to security breaches. As for the last recertification under ISO 27001, we had zero non-conformities. In fact, we have been visited by customers and prospects who have shared with us that they were pleasantly surprised to see the way we have implemented information security models at the process, control and infrastructure levels compared to other contact centers.
People is the key
However, Eduardo clarifies: “You can have the best infrastructure, the best security systems, processes and tools, but if you do not have people who do not feel that the security policies are their own and put them into practice, it is difficult to comply with the regulations”. For this reason, awareness is created on a daily basis, mainly with the support of our Communication area, whose main objective is to regulate and raise awareness.
In the words of our CEO: “The information security guidelines have helped us to manage the business in an orderly manner. Thanks to them, we have been able to ensure the continuity of the operation despite situations such as the pandemic. These models of controls have allowed us to be the only contact center that was considered and reviewed several times by Civil Protection and Health Secretariat of Queretaro in terms of pandemic control review and we were always well evaluated, even our processes have been taken back to replicate them in other companies in the sector”.
For this and more, CallFasst is committed to the adoption of new practices and investments in infrastructure that allow us to remain at the forefront of information security in compliance with international standards.