Data Security

Data Security – Protecting Customer Data

Every day, Premier Contact Point is trusted by our Customers to handle their most important customer interactions. Trust is knitted into our culture and underpins our commitment to the protection and security of your customer and business data.

Security Compliance

Premier Contact Point operates to high standards of security and has implemented and maintains an Information Security Management System in compliance with the ISO27001 Security standard, Data and Privacy protection legislation and the recommendations of the Australian Cyber Security Centre (ACSC). Premier Contact Point is also independently certified to ISO27001 Information Security Management Systems.

The Premier Contact Point platform can be used in a manner that complies with these security standards and guidelines. Your compliance while using the platform will be determined by the manner in which you use the platform. This document provides further details on how Premier Contact Point enables you to meet your security requirements.

Authentication and Authorisation

Secure access to the system is critical to ensuring that each user is entitled to access predetermined system features as well as relevant customer and business data and interactions data. In order to access the system a user is required to meet the following conditions:

• Authentication: To meet this condition, the user must prove their identity through the entry of a username and password or some other confidential and unique identifier. Two factor authentication can be configured by customers using an OAuth2 compliant identity provider.
• Authorisation: Following authentication of a user they are authorised for access to certain components of the platform, or data within the platform, based on their role as determined in the Administration settings.

How we Protect Data in Transit

Data is encrypted and otherwise protected in transit between a Customer and Premier Contact Point as well as within Premier Contact Point’s network using TLS encryption.

How we Protect Data at Rest and in Backup (on disk/storage)

Servers holding our user data use full disk, industry-standard AES 256 encryption. The data centres that host our services are Tier 3 or better and comply with ISO27001 and other security accreditations and therefore have the industry’s security protocols in place to secure data at rest.

Export of Data

Premier Contact Point customers retain ownership of their data, including all rights, title, and interest in the data they store on the Premier Contact Centre platform. Customer data and interactions data, including call recordings can be downloaded by the customer at any time directly from the platform without involvement of Premier Contact Point or with the assistance of the Premier Contact Point Service Desk upon request.

All such data is protected in transit as explained in this document.

Network Security

We perform rigorous security testing, including internal and external third-party scans. If an incident occurs, we resolve the issue quickly using our security incident response practices outlined in our Information Security Policy and keep customers informed through our Service Desk team.

Application Security

Application security is integral to the development lifecycle through the adoption of security coding standards, peer review and automated testing.

Independent external vulnerability testing is also regularly conducted on the platform to ensure that application security objectives are met by the application software in our production environments.

System Availability and Security

Data sovereignty and security of data is assured through the storage and processing of data only in Australia at Tier 3 or better data centres.

We maintain high levels of availability with geographically diverse data centres in Victoria and NSW, Australia and good practices Disaster Recovery and Business Continuity programs. Our servers are maintained in Tier 3 or better data centres who are SOC 1 and 2 and ISO 27001 certified and where physical access is strictly controlled with detailed security measures which are strictly enforced by our data centre providers.

Privacy Compliance

At Premier Contact Point, we understand the importance of protecting the Personal Information of our Customers and their customers. Customer Personal Information is only used in accordance with our obligations at Law, including under the Privacy Act 1988 (Cth), and for the purposes for which it was collected which is to conduct our business functions and to provide our services to Customers.