Data & Security
SoftTrain Cloud Ltd is registered with the Information Commissioner's Office (ICO).
1. Web Applications
Access control
User logins are authenticated with a username and password plus Multi-Factor Authentication (MFA): a code is emailed to the user's email account. There is the option to trust the device for a period of 90 days, during which the MFA code is not required for subsequent logins on the same device.
SoftTrain Cloud responsibility
SoftTrain Cloud provides the Reseller with the initial login to the portal, along with controls to manage the end-client logins.
Reseller responsibility
Resellers are responsible for ensuring that their end-clients are correctly provisioned, subject to the Terms & Conditions agreed by the Reseller.
2. Data security
Encryption of sensitive data and communications
All passwords are encrypted at rest using AES-256 encryption with a combination of password, secret key and initialisation vector. They are stored in an SQL database and only the web application has the decryption keys necessary to authenticate the user during the login process.
Platform security
Architecture
The platform runs in the Microsoft Azure Cloud using virtual machines (VMs), Azure Blob Storage and SQL databases.
Access restrictions
Access is limited to the SoftTrain Cloud Technical Support Team using the built-in Azure Network Security Group, which restricts ports and IP access. Only port 443 (HTTPS) is open to public access, as is required to run a web application. All other administrative ports are restricted by remote IP address and are limited to the ports required to perform Technical Support duties.
Connections to the SQL database for Technical Support are encrypted as per the Microsoft guidance.
Connectivity to the Azure cloud configuration is limited to the SoftTrain Cloud Technical Support Team and uses a combination of username, password and the Microsoft Authenticator App for authentication.
3. Product File Storage
For any SoftTrain Cloud product requiring secure file storage (for example, Call Recording Archive), the files are stored in Azure Blob Storage.
File encryption
Call recording files are collected from the PBX and encrypted with Rijndael AES encryption, using a combination of password, secret key and initialisation vector. Once encrypted, they are uploaded to the Microsoft Azure Blob Storage service.
File Storage
The encrypted call recording files are stored on the Microsoft Azure Blob Storage service using Read-access geo-zone-redundant storage (RA-GZRS). Full details of the storage mechanism can be found on the following URL:
Access
By default, the storage containers hosting the call recordings are closed to all access except the following:
- Analytics Web Interface (via server-to-server REST API restricted by Azure application). Access permissions to files are controlled by the Administrator(s) of the Analytics Web Interface or by a SuperUser who has been granted full access by the Administrator.
- SoftTrain Cloud Azure Administrators
Below is a screenshot of the access permissions defined in the Microsoft Azure Blob Storage service:
4. Artificial Intelligence (AI) Products
The following products make use of Artificial Intelligence (AI):
- Call Recording AI - transcription of call recordings and sentiment rating of the call
- Live Chat & Chatbot - sentiment rating of the chat
For products making use of AI, the security of the data is determined by the AI engines used. Details of these can be found behind the following links:
- Azure Speech-to-text
- OpenAI Chat Completions
- AI data at rest
Last updated: 21 March 2024