Is Your Business Phone Service Provider Ignoring the Elephant Herd in the Room?

A herd of elephants is wandering around boardrooms across America. They go by the names “Regulatory Compliance,” “Security,” and “Reliability,” and you ignore them at your own peril. And because they’re difficult to deal with, lots of business phone service providers and unified communications vendors don’t want to talk about them. Neither do most hosted call center software providers, even though many of their customers handle sensitive customer information over their communications channels.

10 Questions to Draw Out the Elephants in the Room

Here are ten questions to ask providers of any unified communications services, including business phone service, faxing, Web meetings and videoconferencing, and hosted call center software. They’re designed to start conversations about what your provider probably wishes you wouldn’t bring up.

  1. Can you recommend particular configurations of our system to help us comply? Providers of business phone service and unified communications that make compliance a priority can often supply you with expertise or suggestions to help you comply, and they’re more likely to have a compliance officer who can explain how their services are set up to facilitate compliance.
  2. Are you a HIPAA-compliant business associate? If so, can you put it in writing? Many companies aren’t, and doing business with them could jeopardize your compliance if you use their services.
  3. What has your communications company done to ensure compliance? For telecommunications providers, compliance is an extensive, ongoing process. First, they must make sure their company complies. And in many cases, they need to verify that their own chain of third parties is also compliant with the latest HIPAA business associate and other regulatory requirements. And they need to have signed Business Associate and other agreements. Only then can they offer HIPAA compliant unified communications services.
  4. Do you have a dedicated security and compliance officer? 8x8 does. (That would be me. As you can see from my bio, I’m passionate about security, reliability and compliance.)
  5. Which security and compliance metrics do you support? Providers should meet HIPAA, FISMA and FIPS compliance specifications. 8x8 is the only well-known business VoIP provider that provides optional FISMA (moderate) and FIPS-2 (Level 2) data-in-motion and data-at-rest encryption.
  6. Has your compliance been assessed by independent experts? If so, who did the assessment? Look for actual third-party verification by respected experts, so that you don’t jeopardize your own company’s compliance. Salespeople are often confused about the new rules themselves, and could mislead you, so ask for independent confirmation.
  7. What reliability level can you support? The last thing you need is for your call center software to be unavailable, or for your business phone service to go down. Ask for at least “four nines.” (8x8 has achieved 99.997% average uptime in 2013.)
  8. What kind of failover capabilities does your service provide? It is a good practice to have failover between multiple datacenters. 8x8 offers seamless failover capability for 8x8 phones. 8x8 also uses georouting to have the endpoints registered to the closest data center, for a high-quality user experience. In the event of an issue with the data center, phones would automatically and seamlessly fail over to the next closest data center. 8x8 has two data centers in the US, one in Hong Kong, and one in the UK, which helps to ensure 8x8 unified communications reliability.
  9. What methods does your service provider offer for business continuity? When natural disasters or outages strike, you want to be able to keep going, so look for service with multiple ways to stay connected. Because 8x8 business phone service and Virtual Contact Center are available by computer with any browser, calls can be forwarded to cell phones or other sites, and can be moved by transporting your IP phone to any other site with an Internet connection. In addition, your 8x8 business phone service can run on employees’ personal smartphones using the 8x8 downloadable mobile app. Several of our customers have even used Virtual Contact Center—our hosted call center software—to keep answering phones after Hurricane Sandy and other natural disasters.
  10. What kind of customer references can you provide? And what do they say about your ability and willingness to work with any special needs your organization has? If a provider’s references won’t talk about the provider’s ability to provide security, reliability and compliance, that’s almost as big a red flag as unwillingness to address the issue. 8x8’s clientele includes air ambulance services, airports, insurance companies, legal firms, and call center software users, which all have important requirements that 8x8 meets or exceeds. For example, the EPA even uses our hosted call center software to answer citizens’ questions about the safety of their water. See the 8x8 website for customer testimonials.


What Else Are They Not Telling You?

How you run your organization is your business, but you really shouldn’t settle for any business phone service or unified communications provider who won’t give you full answers. The same goes for hosted call center software. Because if they can’t be honest about something as obvious as security, reliability and compliance, that has to make you wonder what else they’re not telling you.

And if you’re looking for straight talk about security, reliability and compliance, check out this white paper, “The Elephant Herd in the Room,” which also includes the above checklist of ten “conversation starter” questions to ask your business phone service provider, unified communications company or call center software vendor.

Mike McAlpen


Mike McAlpen is the Executive Director of Security and Compliance at 8x8, one of the largest US VoIP providers for business. Prior to this, Mike was a business leader with Visa, Inc. Global Information Security and Compliance. Before this Mike was a leader in HP Professional Services Information Security, CIO/CISO Advisory and other services for nearly 12 years. Mike is a frequent Information Security speaker, a three-term IT Services Management Foundation President, on the Board of Directors of the Silicon Valley ISSA, and active in ISACA, FBI/DHS InfraGard, U.S. Secret Service’s Cyber Crime Task Force and the American Bar Association Science and Technology Section’s Information Security Committee. [...]