Before implementing the Avaya Oceana® application, ensure that the customer security staff reviews and approves the deployment plan. Customers must engage the expertise of their security staff early in the implementation process. The security staff must decide how to incorporate the Avaya Oceana® system into the routine maintenance for virus protection, patches, and service packs.
Payment card industry compliance
Avaya Oceana® adheres to the following security standards to meet Payment Card Industry (PCI) compliance:
Advanced Encryption Standard (AES) 256-bit encryption to protect data when recorded, in transit, and archived on storage. Files related to voice and screen captures are stored in an encrypted form so that only users with proper access to the application can playback calls and view screens.
The ability to mute a portion of the call recording using a CRM integration API (HTTP). For example, muting segments with credit card information.
The ability to capture Audit trail information in logs and databases. For example who did what, and when. The information captured in the database can generate Audit trail reports on user activity such as who played recorded calls, how many times, data deletes, and data updates.
The ability to modify storage folder structure to include client alias. This helps in setting different archival cycles and also provides folder level security across multiple clients.
Tight integration and synchronization with Active Directory for user settings and single sign-on authentication.
Password policy
Each Avaya Oceana® customer must create a password policy for their users. Administrators define a set of rules to maintain system security. Policies include rules for:
Password syntax: The length and syntax.
Password history: The number of unique passwords required before reusing an old password.
Password expiration and lockout: The validity, warning, and grace period for expiration and lockout rules.
Role-based access control
You can use roles in Avaya Oceana® to improve security and administration. Define administrative roles for your business using a role-based access control application.
To implement access control, Administrators can group a set of privileges into a role. Roles are assigned to users. Some of the commonly used roles are Agent, Supervisor, Manager, Quality Manager, and Administrator.
Data privacy
The Oceana Data Management utility manages act on privacy requests from customers. For example, if a customer exercises the right to access information or their right to be forgotten, the Oceana Data Management utility provides a method to act on these requests.
