VCC’s client software includes a number of mandatory and customisable security features which are intended to avoid external attacks, as well as internal attacks and misuse on the client’s side.
Audio and data communication
Full encryption of sound and the accompanying communication protocols, using the technology listed below, is possible in VCC, guaranteeing that every conversation-related event which occurs between VCC’s client software and the central system is encrypted:
During the use of the software, network data traffic is encrypted with the following industry-standard technologies:
- Secure Socket Layer (SSL)
- Hypertext Transfer Protocol Secure (HTTPS)
VCC following the stricter industry-standard recommendations and techniques like:
- TLS v1.2
- Current safe cipher suites
- Current safe hash algorithms
- File integrity monitoring
- ISSG-ISSAF4 G and OSSTMM5 C/8 methodology
Database and data separation
In VCC’s infrastructure every client has their own separate database, for both uploaded data and other data, for example statistics. Due to our strict firewall policies and incorporated software barriers, clients are not able to access other client databases.
A backup is made of all client-related data (e.g. their individual database) so as to avoid data loss. Servers used to store information are placed in an environment which is appropriately supervised and has restricted access (for more details on this, see ‘Server hosting, DRP/Virtualization’).
Client audio files are stored on a storage file system which is physically stored on several different servers. Even if any server were to be completely destroyed, the sound files would still be accessible and unharmed.
Sound files are stored for a period of 30 days (with the possibility of longer storage if requested), during which time they can be downloaded as required. Downloaded files can also be deleted from the VCC system when archive files are created, before they would be automatically deleted.
Adjustable security features in the client software
VCC’s client software provides the client with further opportunities to increase the level of security:
- customisable IP addresses and ranges for access
- customisable parameters for the rights system
- multi-level password policy for individual rights
- Risk Assessment Policy
- Communication Security Policy
- Change Management Policy
- Testing Process and Procedures Policy
- Software Development Policy
- Incident Management Policy