Success is built on trust.
And trust starts with information. On this page, you can read about the security of the Hero Outbound platform and how it complies with all regular standards. We guarantee that your data is in safe hands with us!
Hero Outbound is ISO27001 compliant.
In September 2018, we obtained a spotless ISAE 3402 statement.
In December 2018, we also proudly received an ISAE 3000 statement (scope: complete GDPR compliance) - with an equally "clean" conclusion.
Scroll to the bottom of this page to read more details, or to download the reports.
Hero Outbound is a SaaS solution, roughly consisting of a web application and a database. Through the web application, you can reach the public telephone network in order to get a full-service solution for your contact center. This is achieved via multiple SIP connections with a number of national and international telecom providers, connected via telephony routers to our FreeSWITCH telephony servers and to our application via the CTI solution "TeleManager".
Data is physically hosted in Denmark, in the hosting centers of Global Connect (Taastrup) and InterXion (Ballerup). We are working on establishing a second failover site - and a third site in total - for our web application, which is the AWS data centers in Frankfurt, Germany, and Dublin, Ireland.
Production data is hosted in Denmark only, and no data ever leaves the European Union.
The overall architecture and security setup is illustrated below.
HeroBase as a company collaborates closely with a number of providers within security and compliance. This includes IT auditors (auditing, amongst others, the implementation of our IT security policy on a regular basis) and security companies like Fort Consult, conducting penetration tests and other vulnerability tests on a regular basis.
The top five priorities in everything we do, development- and operations-wise, are: Security, security, performance, performance and performance. We often spend more than twice the time it could take to solve a task (sorry to say!), because we want to cover every single security and misuse aspect in the solution design.
This philosophy has led us to having a state-of-the-art platform, where data is protected in all possible ways, and only securely exchanged between our servers and end-users.
The security measures in place include, but are not limited to:
- All data protected behind multiple firewalls
- Databases not available via public internet, only via VPN
- All data transfer takes place over HTTPS only
- Fail2ban is in place in front of publicly exposed services
- All network traffic is monitored, logged and analyzed in real-time, alerting relevant personnel if abnormal patterns are detected
- Users authenticate using instance name, username and password
- IP restrictions can easily be applied to your Hero Outbound account, meaning that logins will only be authenticated when they originate from a list of IP addresses specified by you as a customer
- Multi-Factor Authentication (using SMS code) can be applied to all Hero Outbound users
- And a lot more.
Upon request, full descriptions of setup, security and policies are available. Reach out to your Hero Outbound Customer Experience Manager for this.
GDPR, ISO27001, ISAE 3402, ISAE 3000
All the above is just "the basics", meaning that your data is of course safe with us.
In terms of data privacy policies, including which data is stored (and for how long), the right to be forgotten, the need for logging (and accessing logs) for all possible access to data, we have a fully GDPR compliant platform, which supports our customers as Data Controllers in all possible ways.
Hero Outbound compliance features include (and are not limited to) easily specifying an interval for auto-deletion of your (safely protected) data stored in our platform; leads can be black-listed to avoid future contact; logs of all interactions with businesses or private individuals are easily searchable and accessible from the frontend; and all actions within our platform - including data exports - are logged.
HeroBase is ISO27001 compliant with regard to all aspects of developing, hosting and supporting our platform Hero Outbound. This was, amongst others, subject to audit in the period March-September 2018, and resulted in a spotless ISAE3402 statement from independent IT auditors Revi-IT. In December 2018, we followed up by obtaining an ISAE3000 statement, verifying that Hero Outbound is GDPR compliant and supports our customers as Data Controllers in being GDPR compliant regarding their activities in Hero Outbound.
Click here to download our ISAE 3402 (type 1) report, obtained September 2018 - in English: Link to document
(Note: You can visit the Danish version of this page to download the report in Danish).
Click here to download our ISAE 3000 report, obtained December 2018 - in Danish (English translation underway, expected February 2019): Link to document
As a summary, security and compliance are top-of-mind aspects in our business - from sales and HR to IT development and operations. We'd always like to tell you more - let your Hero Outbound Customer Experience Manager know what you want to hear about.
Happy (and secure) working!