Administration | General Settings | Encryption Settings

Encryption Settings

To conform to PCI Data Security Standards (DSS) regarding credit card numbers, the Quality Management Client can encrypt recording files. These files cannot be exported or played directly from the disk, but they can be played through the Quality Management Client UI. PCI-DSS requires that two people are each given a fragment of the encryption key, so that no individual can decrypt the data.

During the creation of an encryption key, Quality Management requires two people with Administrator access to provide their Quality Management user name and password simultaneously.

The Quality Management administrator should change the encryption key yearly to ensure security. Fifteen days before the current key reaches one year old, the Quality Management Client sends a message to the address in the Notifications section of this page, reminding the administrator to change the key. In the event that the current key is left in place for over a year, recordings will still be encrypted with this key.

Apart from setting Quality Management to encrypt recordings, you can also configure it to:

  • Not encrypt new recordings
  • Re-encrypt encrypted recordings using a new key
  • Decrypt encrypted recordings.

You have to configure a custom service account before you enable recording encryption.

Users with the Change System Settings permission in their Security Profile can edit the encryption settings.

To edit the encryption settings click the navigation icon and then click the General link from the administration sub-menu. The General tab displays. To set encryption, complete the following steps:

  1. In the Encyption section of the General tab, click the button. The Encryption dialog will display.

  1. The first administrator enters their credentials, then the second administrator enters theirs.
  2. As required, set:
    1. Enable Encryption - to create a new key and use it to encrypt new recordings and existing unencrypted recordings. If Revoke Existing Keys is also set, existing encrypted recordings are re-encrypted using the new key. If Revoke Existing Keys is not set, a new key is not generated and no (re-)encryption takes place.
    2. Revoke Existing Keys - to decrypt existing encrypted recordings and then apply the Enable Encryption setting. If this is not set, existing encrypted recordings are left encrypted with their original keys.
  1. Click Ok. If you set Enable Encryption, a new key is generated and applied. For security, the Quality Management Suite Client splits the key data into halves, and you are prompted to save backups of these halves.
  2. In response to the prompt, click Ok to save the first half.
  3. In response to the prompt, click Ok to save the second half.
  4. Restart the Call Recording Service and Data Service for QMS to encrypt existing recording files.

Any changes you make to the encryption settings are applied by a background task; this may take an appreciable time if many recordings require processing. If the Call Recording Service is not running, record processing will be delayed.

See Also:

General Settings

Using the Key Management Tool