8 Tough Security, Compliance and Reliability Questions to Ask Your Communications Provider
When it comes to security, compliance and reliability, how do you separate the real deal from the pretenders? While every company has different needs, here are eight questions that you should ask your next communications provider.
1. Are you a HIPAA-compliant business associate? If so, can you put it in writing?
Many companies are not compliant with the Health Insurance Portability and Accountability Act (HIPAA), and using their services could jeopardize your own compliance. 8x8 is 100% HIPAA compliant. We put it in writing, and so has author Stephen Wu, a prominent attorney and recognized legal expert on health care and data privacy law. Mr. Wu named 8x8 as a glowing example of HIPAA compliance.
2. What has your communications company done to ensure its own compliance?
For communications providers, compliance is an extensive, ongoing process. First, they must make sure their own company complies. 8x8 goes further and verifies that our own chain of third parties is also compliant with pertinent regulatory requirements.
3. Do you have a dedicated security and compliance officer?
Having a dedicated compliance officer on staff is a strong signal that the provider you are doing business with prioritizes security and compliance. For example, 8x8 has a Chief Information Security Officer and a Security and Compliance officer with more than 20 years of experience.
4. Which security and compliance regulations and standards do you support?
Depending at least in part on your needs, providers may have to meet a medley of United States standards and regulations, including HIPAA, standards established by the National Institute of Standards and Technology (NIST) to comply with the Federal Information Security Management Act (FISMA), and the Privacy Shield Framework. Additional standards apply in the UK, such as the General Data Protection Regulation (GDPR), Authority to Operate (ATO), G-Cloud, Cyber Essentials Plus, and the ISO 27001 and ISO 9001 standards.
5. Has your compliance been assessed by independent experts? If so, who did the assessment?
Look for third-party verification by respected experts so that you do not jeopardize your own company’s compliance. 8x8 leads the market in security compliance and routinely submits to evaluations by independent auditors to verify uninterrupted compliance.
6. What kind of failover capabilities does your service provide?
It is good practice to have failover between multiple data centers. 8x8 offers seamless failover capability for 8x8 phones. In the event of an issue with the data center, communications automatically and seamlessly fail over to the next closest data center.
7. What methods do you offer for business continuity?
When natural disasters or outages strike, you want to be able to keep going, so look for service providers who offer multiple ways to stay connected. Because 8x8 solutions are available through any browser, your communications solution operates securely without interruption. Calls can be forwarded to other sites and can be moved by transporting your IP phones to any other site with an Internet connection. In addition, your 8x8 phone service can run securely on employees’ personal smartphones using the 8x8 mobile app.
8. What makes 8x8 better at responding to emerging security threats?
At 8x8 we own our technology stack and prioritize our customers’ security needs. With one platform for voice, video, and chat, our services are developed with security in mind. We assess our own infrastructure for emerging vulnerabilities. When fixes are needed, we can quickly resolve and transparently communicate with our customers without waiting on third-party technology providers to patch their components.
To put it simply, not all cloud-based communication providers provide equivalent levels of security, compliance and reliability. During your evaluation, delve into these eight questions with your prospective providers. And, to learn more about how 8x8 addresses these areas and beyond, read our white paper “Straight Talk about Cloud Communications Security, Compliance and Reliability.” Please contact us if you have more questions -- we’re happy to have those conversations!