Skip to content

Ensuring Top Security with Telerain’s Robust Communication Platform

KruptoConnect delivers a quality solution while maintaining the confidentiality, integrity, availability, and privacy of sensitive data that are critical to your business and ours.
Military security of kryptoconnect software
Network security of kryptoconnect software

 

Network Security

 

AWS provides a strong foundation of security and compliance which we supplement by employing industry-standard network security controls designed to protect Customer Data, including, but not limited to, the following:

 
Intrusion Detection Systems

We have implemented and maintained a host-based intrusion detection system and network-based intrusion detection system designed to alert us in the event of suspicious activity.

Data Connections between You and KruptoConnect

We use HTTPS/TLS with AES-256 encryption to secure connections between browsers, mobile apps, and other components to KruptoConnect and also add up an additional layer of AES-256 encryption on the Socket connection to our platform. There is a dual layer of Cryptography that we use to secure communication.

Data Connections between KruptoConnect and Third Parties

The data transmission or data exchange between KruptoConnect and the third party that is authorized by the client to receive the data happens using the top secure file transfer methods such as TLS, SFTP, HTTPS, etc

Encrypted Recordings

We encrypt call recordings by default. KruptoConnect generates customer specific recording encryption key used to secure each call recording. Chat sessions are encrypted in transit.

Encryption Protection

We use industry-standard methods to support encryption. We use a minimum of RSA 2048 bits for asymmetric key encryption. For symmetric key encryption, we use AES 128 bits. For hashing, we use SHA1 and SHA2.

User Access Control

 

We have implemented and maintained appropriate access controls and the concept of least privilege designed to ensure only authorized users have access to Customer Data within KruptoConnect. User access is logged for audit purposes.

 

User Access (Managed by Us)

 

KruptoConnect is a managed service. Our responsibilities include, but are not limited to, managing the entire application, creating the users, and extensions, and assigning respective access control. The other roles like defining the usernames, creating the passwords with setting minimum length, degree of complexity, a time frame for expiration, and defining user roles, etc. are defined by the clients.

 

Our User Access

 

We will create individual user accounts for each of our employees or contractors that have a business that needs to access the KruptoConnect production environment. The following guidelines will be followed regarding our user account management:

 
  1. User accounts are requested and authorized by our management.

  2. User accounts follow the concept of least privilege.

  3. Dormant or unused accounts are disabled after 90 days of non-use.

  4. Session time-outs are systematically enforced.

  5. User accounts are promptly disabled upon employee termination or role transfer, eliminating a valid business need for access.

User access in kryptoconnect software

Ensuring Top Security with Telerain’s Robust Communication Platform

 

We have implemented and maintained an information security and awareness program that is delivered to employees and appropriate contractors at the time of hire or contract commencement and annually thereafter. The awareness program is delivered electronically and includes a testing aspect with minimum requirements to pass. Additionally, development staff members are provided with secure code development training.

Policies And Procedures
 

Policies And Procedures

We maintain policies and procedures to support the information security program. Policies and procedures are reviewed annually and updated.

Change Management
 

Change Management

We utilize a change management process based on industry standards to ensure that all changes are appropriately reviewed, tested, and approved.

Data Storage And Backup
 

Data Storage And Backup

We create backups of critical Customer Data according to documented backup procedures. Backup data will not be stored on portable media.

Vulnerability Testing
 

Vulnerability Testing

We conduct internal vulnerability scanning on a regular basis with automated scans and at least an annual basis for penetration testing engagement

Data Destruction
 

Data Destruction

We follow AWS standard practices for the destruction of Customer Data that becomes obsolete or is no longer required under the Agreement.

Code Review
 

Code Review

Applications running within KruptoConnect were developed and are maintained utilizing industry-standard secure coding practices and unit testing

 

Business Continuity and Disaster Recovery

 

KruptoConnect is deployed and configured in a redundant infrastructure through AWS. Data repositories in KruptoConnect use redundancy and replication designed to maintain availability and avoid data loss in the event of a lost data node.

disaster recovery
high

High Availability

 

KruptoConnect utilizes AWS services to provide highly available environments, including, but not limited to, the following:

 
  1. Availability Zones (AZs) consist of one or more discrete data centers, each with redundant power, networking, and connectivity, and housed in separate facilities;

  2. Auto Scaling Groups (ASGs) to dynamically scale clusters based on demand and automatically launch replacement instances in the event of a failure.

  3. AWS Elastic Load Balancers (ELBs) to route internal and external traffic to healthy infrastructure and automatically reroute traffic away from unhealthy infrastructure;

  4. Durable message queuing systems that support request queuing and point-to-multipoint notifications. Message queues allow us to both load-balance requests/events and handle load bursts without data loss; and

  5. Amazon Simple Storage Service (S3) is an object storage service that is used to store data that can be retrieved at any time and from anywhere on the web. Objects are stored redundantly in multiple locations across the globe.

Security Incident Response

 

We maintain a Security Incident response program based on industry standards designed to identify and respond to suspected and actual Security Incidents involving Customer Data. “Security Incident” means a confirmed event resulting in unauthorized use, deletion, modification, disclosure, or access to Customer Data.

01

 

Notifications

 

We maintain a Security Incident response program based on industry standards designed to identify and respond to suspected and actual Security Incidents involving Customer Data. “Security Incident” means a confirmed event resulting in unauthorized use, deletion, modification, disclosure, or access to Customer Data.

02

 

Notification Details

 
  1. The date that the Security Incident was identified and confirmed;

  2. the nature and impact of the Security Incident

  3. actions already taken by us

  4. corrective measures to be taken

  5. evaluation of alternatives and next step

03

 

Ongoing Communications

 

We will continue providing appropriate status reports to you regarding the resolution of the Security Incident and continually work in good faith to correct the Security Incident and prevent future such Security Incidents. We will cooperate, as reasonably requested by you, to further investigate and resolve the Security Incident.

Privacy

 

We are bound to protect the customer data that is dealt with under our control. Our privacy program is designed to respect and safeguard sensitive data. We do not share, rent or sell any personal information to anyone.

 
 

Industry Specific Certifications

 

Our security and operational controls are based on industry standard practices and are designed to meet, ISO 9001, HIPAA, PCI Service Provider Level 1, and SSAE16 Service Organization Control (SOC) guidelines.

KruptoConnect utilizes infrastructure deployed on Amazon Web Services (AWS). AWS provides the following letters of compliance and/or certification: ISM, ASD, ISO 9001:2008, ISO 27001:2013, ISO 27018:2014, ISO 27017:2015, Multi-Tier Cloud Security Standard Level-3 (CSP) Certification. AWS also undergoes frequent SOC 3 audits. A copy of the certifications and audit reports for AWS is available on the AWS website at http://aws.amazon.com/compliance/published-certifications.

In Summary, our Customers are solely responsible for achieving and maintaining any industry-specific certifications required for their business (e.g., PCI DSS, HIPAA, GLBA, NIST 800-53, FedRAMP, etc.).

cloud server logo

Availability

 

To help realize this, KruptoConnect cloud contact center lives in multiple availability regions in tier 4 data centers and uses active/active redundancy on AWS Cloud Platform. This means not only is your contact center replicated, but redundant backups are active, routinely tested, and ready to failover in an instant. KruptoConnect is a reliable contact center designed for ease of use and ease of mind.

We know that organizations rely on their contact center to be available always. When customers are reaching out for assistance or information, call center availability is critical.