Call recordings can offer invaluable intelligence to an organization as well as provide critical compliance and dispute resolution support. However, those same precious recordings can also contain some very sensitive customer information which must be protected.
At OrecX, we take the protection of personally verifiable information (PII) very seriously. Our recorder features several levels of built-in security to help ensure data protection, including:
- Web security – OrecX offers the only recording solution which is OWASP Level 2 compliant. Being OWASP Level 2 compliant means that OrecX underwent rigorous testing by a renowned third party security company, successfully clearing both automated and manual test suites (e.g. a real hacker trying to penetrate) designed for applications that contain sensitive data that requires protection.
- Encryption – Oreka TR (total call recording software) can be configured to automatically encrypt all recordings using the Blowfish 256 encryption algorithm. Files can thus be played back only through the web portal.
- User authentication – password rules can be imposed to ensure passwords are difficult to hack. Passwords are stored with state-of-the-art bcrypt hashing algorithm, which protects them even if when a database is compromised. The system also automatically locks a user out after a given number of unsuccessful login attempts.
- Tamper-proof – to identify file tampering (of a recorded call), a mathematical formula is computed at the completion of every recording (and stored in the database).
- Secure access – Access to recordings is end-to-end secured (both at rest and in transit) and restricted to only logged-in users.
- Audit trail – All important actions related to your recordings are recorded in the database. This ensures you can easily uncover who has accessed what and when.