Data Security
Breaches in information security can lead to incalculable damage to our clients and to our industry as a whole. However, the greatest victim of a breach in information security is the individual customer. The customer puts their trust in the client to maintain the highest care with their personal information, and any breach of this agreement cannot be tolerated.
Granada Corp’s call center technology platform is compliant with the 12 security domains of PCI-DSS Level 1 service providers. The compliance assessment is based on a third-party review of the platform’s information security policies and processes, which allow it to effectively protect credit card holder data.
Training is also a critical part of our information security strategy. Breaches can occur even through good intentions, and a robust information security process can only be effective through well-developed and well-executed training programs, so that all staff are aware of their roles and responsibilities in dealing with such sensitive information.
The most important factor in determining the success of an information security policy is execution. This dictates whether even the most well-developed and well-intentioned security policies are adhered to. One of the key elements of organizational execution is the strength of company culture and overall employee respect for company leadership. While this is an abstract driver in information security policy, it is indeed critical. This is a major strength at Granada Corp, where policy adherence is driven by the strong organizational alignment that exists across all levels of the company.
Some of the features of our data security process include:
- PCI – Technology platform fully compliant with the 12 security domains of PCI-DSS Level 1 service providers.
- ISO 27001 – Internal procedures based on ISO 27001 information security processes.
- Secure Desktop – Virtualization technology separates the user’s desktop environment, including applications, data and settings, from the operating system.
- Data Network – Secure VPN to connect agent desktop to clients’ VPN servers.
- Intrusion Protection System – Software for detecting, tracking and analyzing abnormal behaviors in the network.
- Encryption – Data and protocol encryption utilized during information transfer.
- Authentication – Fraud detection manages user authentication, and all workstations are monitored by video camera.
- Physical Security – Controls include multiple perimeters, biometrics, surveillance cameras and 24×7 security staff.
- Employee Screening – Includes psychometric and behavioral testing, background and credit checks.
- Security Awareness Training – Training program for all members of the workforce, including management.
- Password Management – Procedures for creating, changing and safeguarding passwords.
- Non-Disclosure – All employees working on sensitive customer information are required to sign non-disclosure agreements.