Security and Compliance Overview
The Results Companies (Results) takes great strides to ensure that our clients' proprietary and confidential information assets are protected to ensure their availability, confidentiality, and integrity. Results works with many financial institutions as well as healthcare providers and must maintain strict compliance with many Federal and State laws, regulations, and standards. Examples include:
- Health Insurance Portability and Accountability Act (HIPAA) of 1996
- Payment Card Industry Data Security Standard (PCI DSS)
- Gramm-Leach-Bliley Act of 1999
- Telemarketing and Consumer Fraud and Abuse Prevention Act
- Telephone Consumer Protection Act of 1991
- Rules, regulations, and orders of the Federal Trade Commission ("FTC") and the Federal Communications Commission ("FCC"), including the Telemarketing Sales Rule
Approach to Security and Compliance
In order to manage the security and compliance needs of the business and our clients, Executive Management has appointed the position of Director of Security and Compliance to develop, implement, manage, and maintain the security and compliance programs of The Results Companies. Strong and effective security and compliance at Results is recognized as an important business need and competitive advantage. We do not approach these issues as something we are 'forced' to do, but as something we want to do and that sets us apart in the marketplace.
Data Centers and Security
- Centralized and redundant NOC(s) for all points of termination
- Call data securely stored in redundant databases or file systems with strong physical and logical access controls
- High degree of monitoring and alerting for all critical infrastructure, systems, and applications
Networks and Security
- Firewalls, private circuits, and VPN tunnels are used to segregate information by client need and to ensure no blending of data
- Intrusion detection is deployed to all centers to alert on known attacks in real time.
- Wireless networks are forbidden to be connected to any trusted network. Frequent monitoring for unauthorized wireless is enforced
Workstations and Security
- Workstation operating systems and software are standardized, hardened, and centrally managed to maintain proper control of the client environment.
- All removable media is controlled or restricted (USB/CD/DVD drives)
- No proprietary or confidential data is stored on agent workstations
- Secure connectivity is used for client applications and data sources
- Workstations are protected by Cisco ASA firewalls and equipped with frequently updated anti-virus and anti-malware software
Transmission Security
- Proprietary and confidential data is protected by industry-standard, approved encryption such as AES and 3DES.
Business Continuity and Disaster Recovery
- All data centers and call centers have facility-specific BCP & DR plans.
- These plans are updated as needed and tested at least once annually.
