CBA is committed to ensuring the security and integrity of any data you entrust to us. This is why we have put in place industry best-practices to ensure data security. As we evolve as a company, we are continually reevaluating and improving our security measures.
If you have any questions, please contact the CBA Security team at email@example.com.
Datacenter and Network Security
CBA hosts service and configuration-level data for Live Assist for Microsoft Dynamics 365 in three Microsoft Azure data-center locations worldwide, that are ISO 27001/27002 and SOC 1/2 compliant. For more information, please see the published information about datacenter security.
Our third-party vendor for web chat/messaging, Live Person, provides information on their datacenter and network security measures here: Security - LivePerson Knowledge Center.
Data at rest
Data stored at rest is limited to the following type of information.
|Data store||Type of Data|
|Agents and Organizations Database||Summary data for each CRM Instance (URL, name, contact), Agents (names, usernames, chat roles)|
Audit trail of system activity together with events useful for service monitoring and support. E.g.:
|LivePerson (3rd Party) Database||
Agent information and chat transcripts
|Microsoft Dynamics Customer Environment||
Agent information and chat transcripts
Data in transit
All data in transit between services both internal and external LAD365 is encrypted with TLS 1.2 for non-web services, and HTTPS for web traffic, along with the use of JWTs for agent authentication between Dynamics and our third-party processor for chat and messaging. JWTs can optionally also be used to authenticate visitors or end-users.
This section can show some diagram showing how security is implemented in our underlying infrastructure.
Fig 1 - Live Assist for Microsoft Dynamics 365 Service architecture and data flow diagram.
Network Vulnerability Scanning
We perform regular security vulnerability scanning against our product to ensure we find and patch security issues as soon as they are discovered.
Third-party Penetration Testing
We hire security experts on an annual basis to perform extensive penetration testing across the LAD365 infrastructure to ensure we maintain security and compliance.
Availability and Disaster Recovery Plan
Our security incident SLA and incident response plan is discussed here.
We provide high-availability and failover in the event of a disaster by locating services in Azure datacenters hosted in geographically redundant regions.
The regions used are West US 2, East US, East US2, West Europe, UK South, East Asia and South East Asia.
For more information on these physical locations, please see: https://azure.microsoft.com/en-us/global-infrastructure/geographies/.
CBA is Privacy Mark certified, which means that our staff are trained according to strict rules and regulations regarding how to handle private and confidential data.
We also implement the human resource security requirements of ISO 27001.
ISO 27001 Certified
CBA as a company is ISO 27001 certified, and a copy of our certificate can be viewed as an attachment on this page.
- Chat transcript data is retained for 13 months. For more information, see https://lafor365support.zendesk.com/knowledge/articles/360006210513/en-us?brand_id=1360025.
- Chat transcription data can be set to be stored in a customer's Dynamics CRM database instead of LivePerson database.
- Event/Audit logs related to the Live Assist and Dynamics CRM configuration are kept for 6 months. This includes events related to provisioning of accounts, user logins successes and errors, chat activity starts and chat activity closes.
The privacy policies for Live Assist for Dynamics 365 can be found here:
Communication Business Avenue's privacy policies can be found here:
LAD365 powered by CBA is fully GDPR compliant. More information can be found in the GDPR compliance statement, attached to this page.