Data security is no small matter for individuals and professionals alike. There are many risks, both internal and external. Whether it's a sophisticated hack or a simple oversight when opening an email, these risks can leave our data vulnerable. Companies handle a lot of data - employee data, client data, final client data, .... - whether it is personal or not. It is therefore essential for any company to define and implement adequate security measures for data protection. These organisational and technical security measures must guarantee the confidentiality, integrity and availability of data - the so-called "triad".
Protecting this triad, which is at the very basis of IT security, is essential for a company like Onepilot. It is in this context that the security team is entrusted with the mission of defining, implementing and above all maintaining a global security policy. This policy sets numerous objectives and associated metrics. These objectives relate in particular to the security of premises and workstations, but also to the recruitment of employees and agents, the management of roles and authorisations, and training and continuous awareness-raising.
Outsourcing customer support requires data sharing. In order to satisfy our clients’ and final client’s requests, we need to know their identity and their history on a given site but also to ask them for additional information. These requests are a mixture of personal data (surname, first name, e-mail and/or postal address, etc.) and traditional customer support data (questions about stock availability, various requests, complaints, etc.). These data are essential to guarantee a quality service and must be protected in accordance with our security objectives.
Transparent provider-client communication
Every day, Onepilot's teams process tens of thousands of messages and the associated customer data. One of the first duties of an outsourced customer service such as Onepilot is therefore to ensure transparent and regular communication with our clients.
From our first discussions, we introduce a customised body of documentation dedicated to user data security. We have written and implemented all the procedures and policies required by both the RGPD and the ISO 27001 standard. At Onepilot, we adapt to your level of maturity in terms of security. The needs will not be the same depending on the size of the internal teams, the presence of a CISO/DPO or the volume and sensitivity of the data. These moments of exchange allow for a discussion on security issues in order to develop processes towards greater security. Because outsourcing does not have to be synonymous with risk.
As soon as a new client is onboarded, access to the tools needed to process requests will be shared. This sharing can be a source of concern and we understand this. Therefore, we systematically perform a thorough audit of the access provided to restrict any permissions that are not necessary for our operational needs. This allows us to reduce the risk of inadvertent alteration or deletion of your data. In sum, our agents only have access to the data they need to respond to final clients requests.
The main contact for these issues is Onepilot's Data Security Officer, Manon. She guides each client from the outset and ensures follow-up throughout the contractual relationship, whether to answer any questions, to help with a particular problem or to jointly manage any security incident. A dedicated email address (email@example.com) enables any request to be prioritised and answered as quickly as possible.
A robust security system
Our promise is to guarantee the security of your data, in all circumstances. How do we do this? Through a security system, including both technical and organisational measures. These measures are constantly applied and improved by our teams.
To develop a strong and sustainable data security culture at Onepilot, a training and awareness programme allows us to plan various operations, such as dedicated workshops for our business teams, fake phishing campaigns, practical newsletters, etc…
On a technical level, the protection of access to business tools, the monitoring of their use and the management of sessions are provided by the "Onepilot Cockpit". This proprietary Chrome extension allows us to closely control the access and actions of our agents on your tools. We can therefore detect anything outside of operational requirements and act without delay. This technology guarantees a fully secure Onepilot-managed working environment. We are now deploying it to all our clients and regularly improving its functionality.
The need for continuous improvement
Data security must evolve as quickly as the risks inherent in data protection. Continuous improvement is essential and should be seen as an opportunity rather than a burden.
Onepilot's security standards are based on ISO 27001 and to ensure that they remain adequate and sufficient, several actions are implemented. Firstly, we keep a watch throughout the year, in order to monitor all developments and challenges in the field of cybersecurity. Secondly, an annual audit, which allows us to review the existing documentation and the implementation of technical measures in order to maintain a security system that is compliant from a legal and regulatory point of view, but above all aligned with the needs of our clients. Additional audits are also carried out in the event of changes to our information system (new subcontractor, new permissions, etc.).
Finally, and in order to work with our clients' teams to implement and continuously adapt an adequate security policy, we make available all of our data security resources (thematic newsletters, FAQs, dedicated decks, etc.).
Do you have any questions on the subject? Our Data Security Officer is available to discuss your issues!