All Expertflow customer interaction (CI) products (such as Hybridchat) contain PII (Personally Identifiable Information), such as multiple customer identities (emails, chat identities, phone numbers, ...), customer information (addresses, products purchased), as well as potentially sensitive information exchanged (activities such as chat messages, recorded voice messages, web navigation history).
National and international standards and regulations such as
- Europe’s General Data Protection Regulation (GDPR) of 2018,
- PCI-DSS (Payment Card Industry Data Security Standard) since 2004,
- HIPAA (Health Insurance Portability and Accountability Act) since 2000 and
- ISO 27001
… have established requirements that apply generally or in certain circumstances and geographies.
We see security as a continuous journey that is never completed. Standards evolve and so do security threats and methods to mitigate them.
Methods and Tools we use
- Zephyr for basic QA and regression testing
- Qualys and Trivy for automated vulnerability tests and scans
- Zero Trust policy, by using IBM Red Hat’s Keycloak (Q4/2020)
- Port utilization guides to be configured on Firewalls
- PCI-DSS compliance with Expertflow products, some of which require customer/partner activities
- A continuous public pipeline of security improvements
- A private backlog shared with our partners and clients of upcoming security features that we prioritize jointly with our clients