Before starting the deployment process, use Avaya Oceana® and Avaya Analytics™ capabilities to enable or configure the security layers before you commence the deployment process. Customers must engage the expertise of their security staff early in the implementation process.

Multiple configurations turn off security by default while all other options are turned on. For example, customers can turn the security settings off manually. The staff must decide how to incorporate the security system into the routine maintenance for virus protection, patches, and service packs.

Payment card industry compliance

The following are the security standards to meet Payment Card Industry (PCI) compliance:

• A 256-bit Advanced Encryption Standard (AES) encryption to protect data while it is recorded, transmitted, and stored. Files related to voice and screen captures are stored in an encrypted form so that only users with proper access to the application can playback calls and view screens.

• A CRM integration API (HTTP) to mute a portion of the call recording. For example, muting segments with credit card information.

• The ability to capture audit trail information in logs and a database. For example, trails must be available of who performed the operations, what operations were performed, and when the operations were performed. The information captured in this database provides the ability to generate audit trail reports on user activity, such as who played recorded calls, how many times, data deletes, and data updates.

• The ability to modify the storage folder structure to include client alias, which sets different archival cycles and provides folder-level security across multiple clients.

• Tight integration and synchronization with Active Directory for user settings and single sign-on authentication.

Password policy

Every customer must create a password policy for their users. Administrators define a set of rules to maintain system security. The policies include rules for the following:

• Password syntax: The length and syntax of the password.

• Password history: The number of unique passwords required before reusing an old one.

• Password expiration and lockout: The validity, warning, and grace period for expiration and lockout rules.

Role-based access control

You can use roles to improve security and administration. Use a role-based access control application to define administrative roles for your business.

Administrators can group a set of privileges into a role to implement access control. Roles are assigned to users. The following are some roles: Agent, Supervisor, Manager, Quality Manager, and Administrator.

Data privacy

You can use the Data Management utility to handle customer data privacy requests. For example, if a customer exercises the right to access information or their right to be forgotten, the Data Management utility provides a method to act on these requests.