Providing the best customer support means offering the most advanced security features; we’re trusted by the most respected healthcare and financial brands in the world. Relying on Intrusion Prevention System, Gateway Anti-Virus and firewall solutions, we provide extensive inspection of all traffic entering and leaving the Velaro system. Our secure system configurations are hardened and regularly audited using published system benchmarks from the Center for Internet Security (CIS) and The National Institute of Standards and Technology (NIST).
Internal and external vulnerability assessments of our system are conducted regularly. Our Network Operations Center Team (NOC) monitors all system components for security, availability and performance; any issues are automatically reported to the Velaro NOC team for immediate assessment. Our primary servers and network infrastructure are hosted at a co-location facility managed by DataPoint. Accessible at all times by approved personnel, DataPoint’s facility is SAS-70 compliant and maintains the highest level of monitoring and security.
Our chat system is based on standard HTTP and HTTPS protocol and ports. We rely on Secure Socket Layer (SSL) technology to protect your information using server authentication and data encryption. Only authorized, registered users have access to data and our application security model ensures that your user identity accompanies every request to the Velaro server.
Interactions between visitors and agents are never directly communicated over the internet, but through secure, off-site servers. As information is processed, it is monitored by enterprise grade firewalls, intrusion detection systems and application content filters to ensure maximum security. Anti-virus software continually scans all files transferred within the system to reduce the risk of external security threats and prevent unauthorized access.
Our agent consoles exceed industry standard security practices. We provide extensive security features that can be enabled or disabled by authorized users through a web-based administrative control panel. These controls allow administrators to segment specific security settings for complete control over each console.
Specific roles can be designated to different users associated with your account. Depending on that role, each user has different access and control capabilities. Agents can also choose to enforce secure HTTPS (SSL) protocol so that any communication can be encrypted with 256 bit SSL.
We recognize Open Web Application Security Project (OWASP) as the authority on web application security. Our coding practices are implemented according to OWASP standards, including input validation, data sanitizing, source code audits and penetration testing.
We implement a password policy that can be customized to match your corporate policy. Password history, length, expiration and complexity can be configured for maximum password privacy. Authority to access and manage login accounts is given to a customer?designated administrator.
We do not sell, rent or lease client information. Personal and confidential information is stored on secured servers, and transmission is protected through SSL encryption. Cookies are occasionally used to identify visitors, but we do not rely on them to function. If cookies are used, they are third-party cookies and marked as coming from the Velaro domain in accordance with industry standards.
Our advanced storage system uses enterprise quality RAID 5 storage devices for rapid uptime and availability. Our application security model ensures user identity information accompanies every request to the Velaro server for maximum privacy of customer data. Data storage is accessible using strongly encrypted communication paths only. An additional layer of encryption allows you to supply your own private encryption key so that chat conversations can be pre-encrypted before being stored permanently on our servers. Customers own their data, and Velaro employees cannot access customers’ encrypted data.
Recovery & Backup
Our production system is designed with high availability on every critical system device with automatic fail-over to prevent a single point of failure. Our extensive disaster recovery plan ensures continuity of operations through both local and off-site backups of all system components and data.
All backup files are verified, encrypted and compressed for transfer to an off-site facility. We maintain a secondary “hot standby” facility where our databases are constantly replicated; all systems can be brought back online at our secondary location with little-to-no time. Our standard data retention policy keeps your data online and available for real-time accessduring a period of no less than three years. Archived transcripts that are over three years old are never deleted, but are moved offline. Any transcripts that have been moved offline can still be made accessible within 48 hours of a customer’s request.