Technical Security Architecture (TSA) Data Processing and Storage

Regulations often use the term processing as a combination of all aspects of the information life cycle. Tenants are often more concerned with where information is processed and who processes it than what the information is.

One point of possible confusion is the difference between storage and processing. Storage is only one aspect of processing. Processing is a much broader concept including viewing the information.

Classics Inc. stores its customer information in secure servers in the Philippines. David Copperfield, a supervisor in England, viewed a stored interaction between a customer and his agent, James Steerforth. The interaction took place in the United States. Because data processing combines all aspects of the information life cycle, this interaction was processed:

  • In the United States when the data was created during the interaction.
  • In the Philippines when the data was stored in Classics Inc.'s servers.
  • In England when the stored data was viewed by David Copperfield.

Storage Location, Processing, and Data Restrictions

Tenants often want to impose restrictions on where information is processed and who processes it. In general, CXone does not support data sovereignty restrictions. Our terms and privacy policy specifically state that cross-border data transfer and processing are allowed.

There are two types of data access. The ability to control access differs between the two types.

  • System-level access: This includes all access based on the system itself. For example, a DBA has direct access to a database and can see any information stored in that database.
  • Application-level access: This includes access based on application features. For example, an administrator in a tenant may be able to see all information in the tenant. NICE CXone employees may also have application-level access. They are provided this access by the tenant or through impersonation.

Data Storage, Sanitization, and Deletion

A tenant may discontinue services. In that case, their data is disposed of according to the terms of their contract. They can also have a time-to-live set for their stored data during their service period.

Tenants can manage their data storage according to their own retention policies.

CXone maintains Tenant Management (TM) through proprietary applications that administer storage, WFO, and other service management.

Storage

Data for all tenants is stored in a common database. Tenants are logically separated in this database with unique tenant numbers. All storage is strongly encrypted. Tenants can use Azure as cloud storage in addition to the options listed below.

Storage for the private cloud is held on Hewlett Packard (HP) Storage Area Network (SAN) systems:

  • HP 3PAR.

  • Nimble.

  • Pure Storage M70/X70 Solid State storage.

Storage within the public cloud is held on the following:

  • Amazon AWS Simple Storage Service (S3).

  • Elastic Block Store (EBS).

  • Glacier storage.

Sanitization

You can clear data from the databases, such as contact history or metadata, as well as call recordings. This process is called sanitization. NICE CXone can sanitize your data at contract termination. It might also occur during periodic record purges. Tenants can also set up a time-to-live for their data, which would anonymize data at a predetermined time. These processes are determined by tenant requirements. They can be clarified by an assigned sales engineer in conjunction with NICE CXone Professional Services.

Defective drives can be sanitized as the tenant determines. In a multi-tenant system, sanitizing a single drive or drive sector impacts the data of each tenant in the system.

Call Recording Deletion

All call recording storage for CXone ACD and WFO is managed using proprietary file management. When a call recording is deleted, that data segment is marked, making the space the recording used available for re-use. This space will periodically be overwritten by a new call from a different tenant. There is no folder that contains a single tenant's discrete call recordings. The call recordings are not identified on the drive systems in a way that would associate them with a single tenant. The location of this data is kept in the proprietary database that identifies and indexes those call recordings by their unique tenant.

Physical Drive Destruction

NICE CXone operations performs physical drive destruction using a bonded company to shred the drives. They perform drive destruction at the following levels:

  • The NICE CXone endpoint level, which by policy and by auditor review doesn't contain tenant data storage.

  • A few discrete server levels where there might be discrete drives.

If Storage Devices Fail

Each storage volume is automatically replicated. If storage media fails, data can be restored from the replicated data. Tenant data is distributed across multiple drive sectors to lower exposure. In an on-premises system, drives contain only the data of the media owner. The following lists outline the details and process for public cloud and private cloud devices.

Public cloud storage devices:

  • Managed within AWS.
  • Replication also occurs in AWS between paired availability zones.
  • Amazon gives direction on what to do if a volume fails. They don't address media destruction.

Private cloud storage devices:

  • Maintained by the drive vendor.
  • If drives fail, they usually fail one or two at a time. The vendor comes on-site and replaces the drive. NICE CXone contracts with vendors to securely process failed drives. These drives are securely returned to the vendor.
  • Replication occurs between paired, geographically diverse data centers.
  • In the unusual case where an entire SAN in the private cloud is retired, and therefore still contains a functioning set of data on a complete system, that data would be wiped (disposed of) before the SAN was retired.