To conform to PCI Data Security Standards (DSS) regarding credit card numbers, CallRex can encrypt recording files. These files cannot be exported or played directly from the disk, but they can be played through the CallRex Client UI. PCI-DSS requires that two people are each given a fragment of the encryption key, so that no individual can decrypt the data. During the creation of an encryption key, CallRex requires two people with Administrator access to provide their CallRex user name and password simultaneously.
The CallRex administrator should change the encryption key yearly to ensure security. Fifteen days before the current key reaches one year old, CallRex sends a message to the address in the Email Settings (Notifications) section of this page, reminding the administrator to change the key. In the event that the current key is left in place for over a year, recordings will still be encrypted with this key.
Apart from setting CallRex to encrypt recordings, you can also configure it to:
Not encrypt new recordings.
Re-encrypt encrypted recordings using a new key.
Decrypt encrypted recordings.
|
Any changes you make to the encryption settings are applied by a background task; this may take an appreciable time if many recordings require processing. If the Call Recording Service is not running, record processing will be delayed. |
|
You must configure a custom service account before you enable recording encryption. |
To set the Recording Encryption:
In the navigation bar, click Administration > General. The General page is displayed. The Encryption Settings section displays the current encryption state (Active or Inactive) and the age of any current encryption key in days. If the key is more than one year old, the age is highlighted in red.
In the Encryption Settings section, click Change. Two CallRex administrators must now enter their CallRex user names and passwords.
The first administrator enters their credentials, then the second administrator enters theirs.
As required, set:
Enable Encryption - to create a new key and use it to encrypt new recordings and existing unencrypted recordings. If Revoke Existing Keys is also set, existing encrypted recordings are re-encrypted using the new key. If Revoke Existing Keys is not set, a new key is not generated and no (re-)encryption takes place.
Revoke Existing Keys - to decrypt existing encrypted recordings and then apply the Enable Encryption setting. If this is not set, existing encrypted recordings are left encrypted with their original keys.
Click OK. If you set Enable Encryption, a new key is generated and applied. For security, CallRex splits the key data into halves, and you are prompted to save backups of these halves.
In response to the prompt, click OK to save the first half.
In response to the prompt, click OK to save the second half.
Configuring Email Notifications
Adjusting the Call Audio Volume
Managing Recording Encryption Keys
Was this topic helpful?
