CallMiner have announced the moves that they have made to reinforce the company’s commitment to process and data security and privacy for its customers.
These moves included receiving its SOC 2 Type II Attestation Report, FISMA Compliance Audit, HIPAA Security Rule Compliance, ISO 27001 Compliance, and PCI Report on Compliance (RoC).
All compliance verifications were performed by KirkpatrickPrice, a licensed CPA and PCI QSA firm.
The completion of the SOC 2 engagement exemplifies CallMiner’s market leadership and pledge to deliver high quality service to its customers by demonstrating they have the necessary internal controls and processes in place.
SOC 2 engagements are based on the AICPA’s Trust Services Principles and focus on a Service Organization’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system.
“CallMiner selected the security principle as the basis of their audit,” said Joseph Kirkpatrick, Managing Partner with KirkpatrickPrice.
“CallMiner delivers trust-based services to their customers, and by communicating the results of this audit, their clients can be assured of their reliance on CallMiner’s controls.”
The firm also verified CallMiner’s leadership position in information security by performing an audit of CallMiner’s Information Security policies and practices.
CallMiner’s final report on FISMA compliance documents the physical, administrative, and technical safeguards they have implemented, the effectiveness of the CallMiner Risk Management Strategy, and how their controls achieve FISMA compliance. CallMiner has taken these steps to assure customers that they continually assess and manage these risks and exercise the necessary precautions.
The independent audit also determined that all access controls to Electronic Protected Health Information (ePHI) stored on CallMiner systems comply with Health Insurance Portability and Accountability Act (HIPAA) requirements. The HIPAA Security Rule is a national standard set for the protection of consumers’ ePHI.
CallMiner is the only cloud-based speech and customer engagement company that meets these standards.
An independent review was also conducted of CallMiner’s information security control structure and the organization’s compliance with ISO 27001. The review determined that CallMiner has implemented adequate administrative, physical, and technical controls to address their security risks.
“ISO 27001 provides excellent guidance for developing an Information Security Management System,” Kirkpatrick says.
“This audit demonstrates that CallMiner utilizes a widely respected and international standard to select controls as part of their own information security management practices,” he continues.
An audit and appropriate testing were also performed of CallMiner’s controls relevant to the storing and transmitting of information from credit, debit, or other payment cards. In accordance with the PCI Security Standards Council, the firm’s Qualified Security Assessors verified that CallMiner remains PCI compliant.
“Our third-party opinion validates these controls and the tests we perform provide assurance regarding the Engagement Optimization customer engagement and speech analytics services provided by CallMiner to its customers,” Kirkpatrick comments.
“The security of our customers’ data is our highest priority. Verifying regularly and rigorously that our security controls and processes continue to exceed compliance standards is just as important to our business as it is to our customers, especially with the growing adoption of analytics and increasing awareness of data security,” says CallMiner COO, Adam Walton.
Find out more by visiting www.callminer.com