Trust and confidentiality require world-class security measures

Given the sensitivity of ethics and compliance issues, security is one of Global Compliance’s highest priorities.  Our multi-layer security strategy integrates infrastructure—the hardware, software and network needed to protect your employees’ information; people—trained in handling sensitive information; and processes—best practices for processing confidential data.  

Learn more about Global Compliance’s commitment to security and privacy:

• Technology/Infrastructure
  
• Expert People
  
• Best Practices

Global Compliance’s Information Management and Case Management systems use the same multi-tiered application architecture that makes all of Global Compliance's internal systems flexible, efficient, reliable and secure.  We have invested heavily in technologies to ensure the security of our systems, including multiple firewalls, intrusion detection and system audits.  Our system's website features a Thawte security certificate and enforces 128-bit encryption.

In addition, Global Compliance‘s information systems incorporate the following measures to ensure security and confidentiality:

Our IT system employs firewalls with multiple service zones, and we use continuously-monitored IDS. We also have hardened operating systems on the perimeter, and we use virus checking on inbound files.

Global Compliance offers the option of encrypted e-mail transmission using PGP encryption software, and SSL encryption is utilized on all of our web applications.

Global Compliance contracts with independent security consultants to perform vulnerability assessments. These consultants use vulnerability scanners such as Nessus, Stat, and Retina. We employ a combination of IT and software industry standards including SAS 70 Type II, ISO 17799/27002, BS 7799, SANS, PMI PMP and a formal SDLC.

The facility in which Global Compliance is housed is as physically and environmentally secure as the latest technology can provide, and it is equipped with a fire suppression system, power supplies that cannot be interrupted, redundant HVAC units, and a diesel generator that can supply power for an unlimited period of time in the event of the building's power failure. We protect our operations and server room by a key card access system that is active 24 hours per day. This system divides the perimeter and interior of our home office into zones. Access to critical zones, such as the Contact Center or the server room, is provided to a limited number of personnel. The Charlotte office of Global Compliance is designed to restrict access at the building perimeter as well as at all stairwell and suite doors. Grounds and parking areas are patrolled by security personnel provided by property management. In the event of an alarm or other emergency response issue, our systems immediately notify designated IT personnel via pager alerts. If there is a building plant or equipment emergency such as a fire, IT personnel and building management are notified.

Global Compliance features contingency planning for both our Contact Center and Data Center that is second to none. First of all, our technology ensures that interruptions are extremely rare. Global Compliance uses redundant systems to ensure that the failure of any one component does not shut down services or lose data. This includes dual access fiber with independent routes and multiple T-1 connections from multiple providers and different switching stations to ensure redundant communications. We also utilize back-up power supplies and a back-up diesel generator.

• Reported information is stored electronically in our proprietary database system. This system is housed on Global Compliance‘s internal servers behind our firewalls. Our firewalls and other IT security measures are independently audited on a regular basis to ensure our system's security. Global Compliance completes backups of our servers, which are kept onsite in badge-access secured areas as well as in an offsite facility. Backups are available at all times.
• In the rare event of an interruption of service resulting from a catastrophe such as a complete loss of facility, we contract disaster recovery services. Our contract gives us access to contact/data centers located throughout the country in addition to mobile communications trailers. This enables Global Compliance to continue to provide services to clients through a local, regional, or national disaster. We can recover from an operational disaster affecting single servers within our Data Center, a full site disaster, or any emergency in between.

Global Compliance has received a SAS 70 Type II audit, as set by standards put forth by the American Institute of Certified Public Accountants (www.aicpa.org). A Type II report includes Global Compliance’s description of controls as well as independent, detailed testing of the service organization's controls over a minimum six-month period.

From our Contact Centers to our corporate offices to our Data Centers, Global Compliance emphasizes integrity.  To ensure the highest standards we have invested in industry-leading screening and training to ensure our employees meet world-class standards.

For example:

Our Contact Center staff includes more than 90 college-educated, highly skilled Communication Specialists, plus 18 experienced Contact Center Team Leads, Training Specialists, and Managers with an average tenure of nearly five years. All of our Contact Center staff are direct employees of Global Compliance and are dedicated solely to the intake of ethics and compliance hotline reports.

Global Compliance's Contact Center Management Team uses information gathered in a Behavioral Event Interview to determine alignment of a candidate's personal traits and desired behaviors and match a candidate's skills, competencies, and motives with the requirements and success factors of our position. In addition, great emphasis is placed on the honesty and professionalism of all job candidates, and pre-hire background checks and drug screenings are performed in every case.

Global Compliance employs full-time Contact Center Training Specialists dedicated to providing ongoing training specific to procedures, current issues, and individual skill development. Once hired, a new Communication Specialist undergoes 64 hours of leader-led training and simulation specific to conducting the guided intuitive interview and report writing processes. Overall training includes identification of workplace issues affecting callers, interviewing techniques, accurate report writing, assignment of call priority levels, and diversity and sensitivity training. Role playing to simulate angry, scared and/or tentative callers is a critical part of the training curriculum. This simulation prepares Communication Specialists to defuse caller emotion and derive required facts. Extreme emphasis is also given to legal and ethical issues concerning the critical and confidential nature of the work being performed and the information being gathered. The training is followed by a period of side-by-side monitoring and coaching while taking live calls.

Following the Communication Specialist's initial training period, Contact Center Team Leads and Management monitor live calls and ongoing training is provided to Communication Specialists through our calibration process. Global Compliance continually enhances its training program to address needs identified through coaching sessions, focus groups, and monitoring by our Quality Assurance and Development group in pursuit of continuous improvement.

During Human Resource's New Employee Orientation, the Contact Center's New Hire Training, and the Operations Manager's New Employee Induction Meeting, Global Compliance's practices regarding confidentiality are presented and clarified. In addition, while the new hire is being trained and as an everyday workplace practice, great emphasis is placed on the confidential nature of the information we process and our duty to protect this information. As part of our privacy policy, all employees are required to sign confidentiality agreements. Our Contact Center employees are also required to sign an additional, more detailed confidentiality agreement.

From start to finish, our call intake and report dissemination process is subject to our quality assurance process. Our Contact Center Team Leads conduct live call monitoring while also providing real-time feedback, and detailed report inspection. Our Team Leads monitor a percentage of calls via phone and an online application that allows them to observe how Communication Specialists navigate the system. Team Lead Coaches audit and score 33 elements of the interview within the online application. Team Lead Inspectors review and audit reports to ensure 20 key elements of the report format, structure, and content are met.

People and technology are just two of the components needed to create an environment of complete security and privacy.  Best practices are the third and in many ways most critical element in that they provide the rules and guidelines that specify how the people and technology must work together.  

Some of Global Compliance’s best practices for security and privacy include:

Client data is stored in a Microsoft SQL Server database. Each transactional record contains a specific client identifier field to distinguish individual client records. All data retrievals use that client identifier. Our system supports sophisticated rules to tailor the access of reports based on any number of criteria for each specific client. Clients can only access reports from their own set of client identifiers, through a web interface or via email.

A client's individual users determine their own passwords after initial log-in using a temporary password provided by Global Compliance. Passwords must be between 8 and 15 characters in length containing at least one number and one uppercase character and may not be based on a dictionary word. Passwords for the web application are hashed with the SHA1 cryptographic message digest algorithm before being stored in the database. The application requires password changes every 90 days. An account is locked out for thirty minutes after three incorrect login attempts. Passwords must be unlocked by calling your client representative. Failed logins and lockouts are logged and alerts are sent to administrators.

Activities entered by Global Compliance‘s employees are tracked by user name and time-date stamp, allowing us to trace back all entries.