convercent ethics cloud: security and business continuity ... · protected by microsoft azure...
ISO 27001:2013 Certified
The International Organization for Standardization (ISO)
specifies strict requirements for establishing a security
framework for information risk management. Convercent is
ISO 27001:2013 certified.
In alignment with the standard,
Convercent safeguards the confidential
data of our customers through
rigorous legal, physical and technical
controls in the Convercent platform and information
security management system, and with our hosting
partners. Convercent is audited annually by an independent
accredited third party to validate our continued
implementation of the ISO 27001 standards.
The Convercent Ethics Cloud Platform—including Insights, Helpline, Campaigns, Disclosures and
Third Party—is the only suite of ethics and compliance applications built from the ground up on
the same platform. And importantly, our platform, data centers, and call centers have security
and high availability built into their foundations.
Convercent SaaS Platform Security
The Convercent Ethics Cloud Platform is a proprietary software-as-a-service (SaaS) platform that gives customers
secure access to the most up-to-date version of our applications. Authorized users have universal access via
the Internet to our platform, which is hosted by trusted partners Microsoft Azure and Amazon Web Services.
Customers benefit from the added security of having all of their data in one place on a single platform, unlike
piecemeal ethics and compliance solutions. The Convercent cloud platform also reduces the security and data
privacy issues inherent in spreadsheets and email.
CONVERCENT ETHICS CLOUD: SECURITY AND BUSINESS CONTINUITY OVERVIEW
To guide a successful information
security management system
implementation, ISO 27001 is your best
bet; it is the most frequently used and
most complete model.
– Forrester
HITRUST CSF Certified
The Health Information Trust Alliance Common Security Framework, also known as HITRUST CSF, is
an overarching security framework for organizations that create, access, store or exchange electronic
health and other sensitive information. Convercent is HITRUST CSF certified, which means we have
implemented a prescriptive set of controls from multiple standards, regulations (such as HIPAA and PCI), and business
requirements—elevating our security risk management practices. A SOC 2 platform audit is occurring in early 2018.
[Diagram labels: You; The Internet; The Call Center; Managed firewall/IDS-IPS; Redundant application servers; Redundant database servers; Secure backup; Geographically diverse cloud disaster recovery site]
Convercent Business Continuity and Disaster Recovery
Convercent maintains the security and availability of
the Convercent Ethics Cloud platform with customers
top of mind. We employ rigorous facility, network, and
data protection controls, along with stringent business
continuity and disaster recovery practices. This ensures that
your data remains secure, and the Convercent platform and
Call Center are available to you and your team 24/7.
Convercent Data Centers
Private Convercent customer data is stored at the
Microsoft- and Amazon-hosted data center facilities,
and protected by Convercent’s strict backup and
recovery and disaster recovery processes, with multiple
safeguards incorporated.
FACILITIES
Convercent’s data centers are SSAE 16 Type I, II, and III
certified; PCI Level 1 and SOC 2 compliant; UK G-Cloud
Impact Level 2 accredited; and HITRUST and ISO 27001:2013
certified. All audits and certifications are maintained
annually. Microsoft and Amazon facilities are secured and
monitored 24/7, while internal environments are carefully
controlled to protect servers and storage devices.
BACKUP AND RECOVERY
Real-time data replication, daily and weekly backups,
and offsite storage are central to Convercent’s backup
and recovery policy. Backups are encrypted before
transmission, stored encrypted in Microsoft Azure, and
protected by Microsoft Azure storage and data center
physical security. Convercent maintains encrypted backup
data for 365 days.
90% of Fortune 500 companies trust the
Microsoft cloud. Azure helps protect your
assets through a rigorous methodology
and focus on security, privacy, compliance,
and transparency.
– Microsoft
Data Protection and GDPR
Convercent’s data protection program strictly adheres to a
“privacy and security by design” approach to development
practices as mandated by the General Data Protection
Regulation (GDPR). Convercent is well positioned for GDPR
compliance in advance of a third-party audit in early 2018.
Data is protected in a secured RDBMS and encrypted with
advanced AES-256 encryption and a digital certificate. All
communications leverage HTTPS and the TLS 1.2 protocol
to encrypt and protect the privacy of data in transit.
Threat Management
Our dedicated security team ensures that our security
controls, processes and policies are compliant with all
relevant industry regulations. The team employs up-to-date
intrusion prevention and detection systems, with
24-hour monitoring for potential alerts. The Convercent
platform and customer data are further protected by
consistent verification and remediation of vulnerabilities
using static code analysis, dynamic scans, and system
tools. In addition, independent penetration tests are
performed annually by a third party.
DISASTER RECOVERY
Convercent, Microsoft and Amazon employ and enforce
a robust Business Continuity and Disaster Recovery Plan
to protect customer data in the event of a disaster and
ensure Convercent platform availability for our customers.
Convercent maintains a mirror of our production
environment in a dedicated, geographically remote
disaster recovery site. The Convercent SLA provides
customers a recovery point objective (RPO) and recovery
time objective (RTO) as follows:
Convercent Call Centers
Convercent’s Call Center—which processes the
anonymous incident reporting for customers using
the Convercent Helpline and Case Manager solution—
provides the security and redundancy needed to
ensure the continued availability of voice and Internet
communications.
FACILITIES
The Call Center uses the proven Mitel 3300 ICP converged
communications platform, which includes resilient
telephony and network applications. A redundant,
protected network connects to multiple Tier 1 backbone
providers, while backup Internet services ensure
continuous online intake.
COMPLIANCE
To protect customer data, the Call Center complies with
Payment Card Industry Data Security Standards (PCI
DSS), Health Insurance Portability and Accountability
Act (HIPAA), and Privacy Shield regulations.
BUSINESS CONTINUITY
The Business Continuity Plan for the Call Center ensures
that critical Convercent Helpline intake functions will
continue to operate during an unforeseen interruption
in services. The Call Center has multiple ISPs and
multiple phone providers. The Call Center also uses an
uninterrupted power supply so that power remains on
for phones and servers during a power outage.
DISASTER RECOVERY
The Call Center operates with a remote disaster
recovery site. In the event of a disaster, the Call Center
will restore operations as follows:
Call Center Disaster Recovery
• Internet: 2-hour RTO
• Phone: 2-hour RTO
• Email: 6-hour RTO
Convercent Data Centers and Call Centers
Convercent HQ Denver, CO
1. Convercent Primary Data Center Dublin, Ireland
2. Convercent Disaster Recovery Site Frankfurt, Germany
3. Convercent Primary Call Center Sioux Falls, South Dakota
4. Convercent Secondary Call Center North Sioux City, South Dakota
Data Center Disaster Recovery
Convercent Ethics Cloud platform:
• 1-hour RPO
• 4-hour RTO
CALL OUR TEAM FOR MORE INFORMATION
US: 1-866-403-2713
EMEA: +44 77 916 20332
www.convercent.com
Convercent © December 2017. All Rights Reserved.
Share, Listen and Learn – with a comprehensive
and unified approach. Share policies, training and
disclosure questionnaires through automated campaign
workflows that replace manual processes. Listen to your
employees through helpline and ad-hoc disclosures. Learn
and understand company organizational behavior to
protect your culture.
Correlate and View Your Data in One Place
– with consolidated, accurate, real-time data from the
Convercent suite, your enterprise applications such as
human resources and procurement systems, and relevant
external data sources.
[Diagram labels: Convercent Insights; Convercent Campaigns; Convercent Third Party; Convercent Helpline; Convercent Disclosures; Share, Listen, Learn; Convercent Data (Employees, Third Parties); Enterprise Data; External Data (GDP, Corruption Perception Index, Sanction List)]
The Convercent Ethics Cloud Platform
The Convercent Ethics Cloud Platform is the only suite of ethics and compliance applications built from the ground
up on the same platform. The centralized platform ensures that your teams have easy-to-use applications and the
functional coverage you need: