The client is a company specializing in contact center services and is part of a larger group, with its headquarters located in the United States. This entity provides support across several industries including Healthcare, Aviation, Travel, Retail, and Telecom. The services encompass voice and non-voice customer support, technical assistance, billing inquiries, order management, collections, etc. The company operates from 9 locations across 3 countries.
The Challenge:
- The majority of the technology infrastructure is centrally managed in the US, yet each country operates its own data centers and local systems to support the contact centers.
- While the core IT teams are based in the US, local IT support teams and other business or support functions such as Human Resources, Facility Management, and Business Operations are distinct for each of the 9 locations.
- Although each contact center follows similar central policies, there are unique procedures and business operations at each location, making it challenging to conduct an audit within the strict deadline of 3 months as set by the client.
The Solution:
- Panacea Infosec categorized all business operations/processes based on various criteria such as card-related dependencies, location, and the applications/solutions used. This classification helped identify 6 sites with unique features that required mandatory on-site visits by a Qualified Security Assessor (QSA), while the remaining 3 sites had no unique business operations or technology dependencies.
- A sampling method was adopted to complete the assessment within 3 months; it included comprehensive audits of all relevant controls at the 6 identified locations. The approach ensured that all 3 countries were covered by a QSA, with a dedicated QSA assigned to each country for better coordination and correlation, enabling the company to achieve certification within the challenging 3-month timeframe.