Encryption Settings

To conform to PCI Data Security Standards (DSS) regarding credit card numbers, the Quality Management Client can encrypt recording files. These files cannot be exported or played directly from the disk, but they can be played through the Quality Management Client UI. PCI-DSS requires that two people are each given a fragment of the encryption key, so that no individual can decrypt the data. During the creation of an encryption key, Quality Management requires two people with Administrator access to provide their Quality Management user name and password simultaneously.

The Quality Management administrator should change the encryption key yearly to ensure security. Fifteen days before the current key reaches one year old, the Quality Management Client sends a message to the address in the Notifications section of this page, reminding the administrator to change the key. In the event that the current key is left in place for over a year, recordings will still be encrypted with this key.

Apart from setting Quality Management to encrypt recordings, you can also configure it to:

• Not encrypt new recordings

• Re-encrypt encrypted recordings using a new key

• Decrypt encrypted recordings.

To set the Recording Encryption, complete the following steps.

1. In the navigation bar, click Administration > General. The General page displays. The Encryption Settings section displays the current encryption state (Active or Inactive) and the age of any current encryption key in days. If the key is more than one year old, the age is highlighted in red.

2. In the Encryption Settings section, click Change Key. Next, two Quality Management administrators need to enter their Quality Management user names and passwords.

3. The first administrator enters their credentials, then the second administrator enters theirs.

4. As required, set:

   • Enable Encryption - to create a new key and use it to encrypt new recordings and existing unencrypted recordings. If Revoke Existing Keys is also set, existing encrypted recordings are re-encrypted using the new key. If Revoke Existing Keys is not set, a new key is not generated and no (re-)encryption takes place.

   • Revoke Existing Keys - to decrypt existing encrypted recordings and then apply the Enable Encryption setting. If this is not set, existing encrypted recordings are left encrypted with their original keys.

5. Click OK. If you set Enable Encryption, a new key is generated and applied. For security, the Quality Management Suite Client splits the key data into halves, and you are prompted to save backups of these halves.

   1. In response to the prompt, click OK to save the first half.

   2. In response to the prompt, click OK to save the second half.

6. Restart the Call Recording Service and Data Service for QMS to encrypt existing WAV files.

   Any changes you make to the encryption settings are applied by a background task; this may take an appreciable time if many recordings require processing. If the Call Recording Service is not running, record processing will be delayed.

See Also:

Using the Key Management Tool

Adjusting the Call Audio Volume

Audit Logging

Configuring Alerts

Was this topic helpful?