Regulatory Compliance

When you interact with your customers, they trust you with their personal information. Discover how securing personal information can help you meet industry-specific data security expectations, preserve your business’s reputation, and turn data protection into an other element of your customer engagement strategy.

Woman working from home talking on phone

What is PCI-DSS?

The Payment Card Industry Data Security Standard, or PCI DSS is a set of technical and operational requirements that were created to help prevent credit card fraud, hacking and other security vulnerabilities and threats. PCI DSS is a worldwide standard and any organization processing, storing, or transmitting cardholder data must be compliant.

Learn More

How to achieve PCI-DSS compliance?

Achieving compliance with the Payment Card Industry Data Security Standard always relates to your organization’s specific circumstances, however the PCI Security Standards Council® suggests businesses to follow this continuous, 3-step process:

  • Assess. Identify all cardholder data, create an inventory of IT assets and business processes for payment card processing, and analyze them for vulnerabilities.
  • Remediate. Fix vulnerabilities, identify cardholder data which is absolutely necessary and eliminate the storage of the rest.
  • Report. Compile and submit required reports to regulators.

Solutions for enhanced cardholder data protection

Verint compliance solutions support capturing, securely storing, and managing sensitive data.

  • Solid data protection By RSA/AES-based technology for file encryption, and SSL encryption for all client-server communications in playback
  • IM content filtering To enforce content policies for instant messaging and redact sensitive data from any text-based conversation.
  • Automatic compliance triggers To pause interactions when card security codes (CID, CAV2, CVC2, CVV2) are being shared.
  • Workforce Optimization Granular, role-based access control to captured information for improved card holder data protection.

What is HIPAA?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a national standard of the United States for protecting sensitive patient data.

The HIPAA Privacy Rule sets standards for dealing with protected health information (PHI), while the HIPAA Security Rule establishes a set of security requirements for protecting certain health data that is held or transferred in electronic form (e-PHI).

If your organization collects, creates, uses, manages, transmits or has access to PHI, then it is considered to be a “covered entity” that is subject to HIPAA.

How to achieve HIPAA Compliance?

Although HIPAA has a level of scalability to allow covered entities to analyze their own needs and implement solutions appropriate for their specific environments, adequate access control, sufficient activity logging and reliable encryption are key elements of HIPAA Compliance.

  • Control: restrict access to sensitive health information on the user level.
  • Log: log all PHI related activities. Register all access attempts to ePHI and record what is done with that data once it has been accessed. Use these logs for audits and process improvements.
  • Safeguard: implement reliable, file-level encryption to mitigate the risk of unauthorized access.

Solutions for enhanced health information protection

Verint compliance solutions support capturing, securely storing, and managing sensitive data.

  • Workforce Optimization Granular, role-based access control to protected health information for improved e-PHI security.
  • Desktop And Process Analytics Capture and analyze employee desktop activities for audit logging and training purposes.
  • Compliance Recording Solid data protection by SSL encryption and RSA/AES-based technology.
  • Enterprize Recording Record interactions between your patients and employees and extract actionable intelligence for liability protection, compliance, and quality management purposes.
  • Automated Quality Management Automate your quality management process, evaluate calls, identify non-compliance and assign coaching.