Secure UC and VoIP Enterprise Compliance Requirements
Today’s enterprise mix of cloud, on-premises and hybrid real-time applications requires compliance coverage for UC and VoIP applications in regulated industries like healthcare, finance, government services, international business, and legal services. For actionable compliance insight, RedShift Networks software delivers analytics and threat management of real-time applications (e.g. Cisco Webex, MS Teams, Avaya, and Zoom) to meet the reporting needs of the most challenging regulatory requirements, including Sarbanes-Oxley Act (SOX), Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR) and Payment Card Industry Data Security Standard (PCI DSS) compliance.
Every enterprise and its cloud service provider uses voice over IP (VoIP) technology for new and existing voice/data communications. VoIP communications are now subject to security and privacy requirements imposed by EU, US federal and/or state statutes. Robocalls also continue to plague real-time communications services subject to electronic communications regulations, including enhanced emergency (E911) services.
RedShift’s solution helps enterprises expedite SOX, GLBA, HIPAA, GDPR and PCI compliance.
Sarbanes-Oxley Act (SOX)
Congress passed the Sarbanes-Oxley Act in 2002 for all companies with publicly traded stock, with a section requiring management to establish and maintain an “adequate internal control structure and issue an annual report on the effectiveness of such controls via independent auditor.” RedShift Networks ensures complete data analytics of all unified communication content and correspondence.
Gramm-Leach-Bliley Act (GLBA)
Congress passed the Gramm-Leach-Bliley Act in 1999, allowing commercial banks to offer investment and insurance services. It includes provisions to protect the privacy of consumer information collected by companies in the financial sector, including any other organization “significantly involved in financial activities.” GLBA Section 501 of Subtitle A requires companies to ensure the data security and confidentiality of customer records and information, and to protect against any anticipated threats or hazards to the security and integrity of such records. RedShift Networks helps enterprises protect against unauthorized access to or use of GLBA-covered records or information that could result in substantial harm or inconvenience to any customer.
Health Insurance Portability and Accountability Act (HIPAA)
HIPAA was passed in 1996, with the highly relevant Privacy Rule following later in 2003. It applies to organizations managing medical records or other personal health information, and covers all personal medical information stored or transmitted electronically by hospitals, doctors’ offices, nursing homes, HMOs, insurance companies, and social service agencies. RedShift Networks customers gain HIPAA compliance auditing and proactive threat protection, including for SIP-based voicemail systems, which in healthcare industries often contain confidential patient information and need protection.
General Data Protection Regulation (GDPR)
GDPR compliance for UC and VoIP mandates that service providers maintain detailed records of all data processing activities. The RedShift Networks platform automates this record keeping by implementing technological and organizational measures that ensure and demonstrate real-time data analytics and recording aligned with GDPR.
Payment Card Industry Data Security Standard (PCI DSS)
PCI DSS offers enterprises and their cloud UC providers a measurable set of security standards ensuring the secure acceptance, processing, storage, or transmission of credit card information. The need for the RedShift Networks solution is clear in PCI DSS Requirement 1.3.3: implement anti-counterfeiting measures to detect and prevent fraudulent source IP addresses from entering the network. UC and VoIP need RedShift Networks' PCI DSS compliance strengths because fraudulent SIP bots target VoIP/UC networks continuously, and VoIP transmits enterprise sensitive authentication data (SAD) or cardholder data (CHD) in VoIP data or audio/voice recording packets.
Why Unified Communications – Including VoIP – Require RedShift Networks Compliance Safeguards
All these regulations share a common trait: the protection of the integrity and/or privacy of certain types of information. A SOX auditor, for example, examines internal controls such as password strength, encryption, and vulnerability testing. Areas of concern might be whether your VoIP implementation maintains usage logs, how you use these logs in the billing process, and how you track administrative changes. This is where RedShift Networks UCTM software expertly manages your VoIP network and users, and protects clients from loss of network and UC services, loss of confidentiality of sensitive data, financial loss, identity theft and attacks on IT systems through the voice infrastructure.
Compliance in Action at NetFortris
NetFortris uses RedShift Networks to ensure compliance-level protections in the financial services and insurance space, among others.
“By deploying RedShift, we now see every one of our data centers in a single view for all forms of fraud, hacking attempts, and more, for fast remediation and defense. RedShift offers a huge time and attack coverage advantage, and provides many useful tools beyond ‘anti-fraud’.”
Tom Swayze
EVP Technology
NetFortris