Security and Compliance
U-Assist is compliant with the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI DSS).
GDPR Compliance
Uniphore U-Assist follows the General Data Protection Regulation. The right of access, commonly referred to as subject access, gives users the right to obtain a copy of their Personally Identifiable Information (PII), along with supplementary information about how it is stored and processed in the application. It helps users understand whether their personal information is being handled lawfully by their service provider.
Retention period configuration
For compliance with GDPR, the system requires a configurable retention period for any file, service or log that may contain PII. Logs older than the configured retention period are deleted automatically at the scheduled time.
HIPAA Compliance
The Health Insurance Portability and Accountability Act requires that PHI (Personal Health Information), including demographic information, is removed or obscured from individual records. This minimizes the risk of unintended disclosure of individuals' identities and of information about them.
User Activities Audit Trail
As part of HIPAA compliance, all activities (Create, Update and Delete) performed by the Administrator and Business Analyst roles are logged for auditing purposes. This helps organizations monitor data and keep track of potential security breaches or internal misuse of information.
Access control to APIs
This feature limits access to specific APIs for different users and prevents unauthorized access to sensitive data. All public APIs use authorization to ensure that client requests access data securely. In addition, requests to the APIs must be authenticated with an access_token issued by Uniphore's built-in Identity Provider (Keycloak); the token can be either a user token or a service token.
Automatic logoff settings
Automatic logoff settings can be configured per user role (Agent, Analyst, Administrator and Supervisor) to automatically terminate the session in which the U-Assist application is running when the user has been idle for a specified period of time.
Parallel login from another browser
U-Assist does not allow multiple simultaneous logins with the same credentials. This prevents misuse of a user's personal information to perform unauthorized actions.
Multi Factor Authentication (MFA)
MFA requires a user to present more than one verification factor to gain access to the U-Assist application, using the FreeOTP or Google Authenticator one-time password generator as the second factor.
U-Assist services enabled with SSL
All U-Assist services are enabled with SSL (TLS 1.2), which is used as an additional security layer for application traffic to prevent attackers from analyzing the functionality of the application and the way it communicates with the server. The client is configured to trust only the valid, pre-defined server certificate or public key, which ensures that the client application communicates only with the dedicated, trusted servers. Customers can also upload their own CA-signed certificate, which is embedded in the client application, to use their own domain name.
Encryption of Data in Transit
All U-Assist services are enabled with SSL. This provides encryption of all data in transit as part of HIPAA compliance, protecting applications and sensitive information and limiting the reputational damage of a data breach. To support backward compatibility, SSL can be disabled for all U-Assist services; note that doing so removes the encryption of data in transit described here.
Encryption of Data at rest
Data at rest is data stored on a storage medium in any digital form; it is protected by encryption at the disk/storage level.
PCI DSS Compliance
U-Assist can comply with the PCI DSS standards for redaction. The Data Redaction model in U-Assist identifies PCI data and replaces it with the static symbols "xxxx" in the transcripts of agent-customer conversations. PCI-sensitive data is completely redacted before being stored in U-Assist logs or the database.
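The following is an added illustration of the storage-side redaction described above; it is not Uniphore's Data Redaction model. It assumes a simple rule-based detector for card numbers (PANs of 13 to 19 digits, optionally separated by spaces or dashes), validated with the Luhn checksum so that other long numbers such as order references are left intact, and applied to each transcript turn before it is written to a log or database.

```python
import re

# Static mask the page describes for redacted PCI data.
MASK = "xxxx"

# Assumption: a PAN is 13-19 digits, each digit optionally followed by a
# space or dash, and not adjacent to other digits.
PAN_PATTERN = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def redact_pan(text: str) -> str:
    """Replace every Luhn-valid PAN in text with the static mask."""
    def repl(match: re.Match) -> str:
        digits = re.sub(r"[ -]", "", match.group(0))
        return MASK if luhn_ok(digits) else match.group(0)
    return PAN_PATTERN.sub(repl, text)


def redact_transcript(turns):
    """Redact a list of (speaker, utterance) pairs before storage."""
    return [(speaker, redact_pan(utterance)) for speaker, utterance in turns]


# Constructed sample transcript; the card number is a well-known test PAN,
# and the order reference is a 13-digit number that fails the Luhn check.
SAMPLE = [
    ("agent", "Could you read me the card number please?"),
    ("customer", "Sure, it is 4111 1111 1111 1111, expiring next year."),
    ("agent", "Thanks. Your order reference is 1234567890123."),
]

if __name__ == "__main__":
    for speaker, utterance in redact_transcript(SAMPLE):
        print(f"{speaker}: {utterance}")
```

A regex-plus-Luhn rule like this will miss PANs embedded in longer digit runs or spoken with words between digits; the point shown here is that redaction happens before the turn reaches any log or database write, not that the detector is complete.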