Security Overview
CBA is committed to ensuring the security and integrity of any data you entrust to us. This is why we have put in place industry best-practices to ensure data security. As we evolve as a company, we are continually reevaluating and improving our security measures.
If you have any questions, please contact the CBA Security team at compliance@cba-japan.com.
Datacenter and Network Security
CBA hosts service and configuration-level data for Live Assist for Microsoft Dynamics 365 in three Microsoft Azure data-center locations worldwide, that are ISO 27001/27002 and SOC 1/2 compliant. For more information, please see the published information about datacenter security.
The regions used are West US 2, East US, East US2, West Europe, UK South, East Asia and South East Asia.
For more information on these physical locations, please see: https://azure.microsoft.com/en-us/global-infrastructure/geographies/.
Our third-party vendor for web chat/messaging, Live Person, provides information on their datacenter and network security measures here: Security - LivePerson Knowledge Center.
Data at rest
Data stored at rest is limited to the following type of information.
Data store | Type of Data | Location | Retention Period |
Agents and Organizations Database | Summary data for each CRM Instance (URL, name, contact), Agents (names, usernames, chat roles) | Azure environment operated by CBA (closest to Dynamics org region) | 1 month following deletion request |
Audit/Support Database |
Audit trail of system activity together with events useful for service monitoring and support. E.g.:
|
Azure environment operated by CBA (closest to Dynamics org region) |
6 months |
LivePerson (3rd Party) Database |
Agent information and chat transcripts |
LivePerson cloud |
13 months |
Microsoft Dynamics Customer Environment |
Agent information and chat transcripts |
Azure Environment (based on location of Dynamics org) |
Information removal dependant on Dynamics Retention policies. |
We do not store Personally Identifiable Information (PII) in our service databases relating to your website customers or visitors other than what is mentioned in our privacy policy. More information about what data is stored or processed by us or by our partners can be found in our privacy policy (linked to below) or on our partner websites.
Data in transit
All data in transit between services both internal and external LAD365 is encrypted with TLS 1.2 for non-web services, and HTTPS for web traffic, along with the use of JWTs for agent authentication between Dynamics and our third-party processor for chat and messaging. JWTs can optionally also be used to authenticate visitors or end-users.
Security Diagrams
This section can show some diagram showing how security is implemented in our underlying infrastructure.
Fig 1 - Live Assist for Microsoft Dynamics 365 Service architecture and data flow diagram.
Product Security
Network Vulnerability Scanning
We perform regular security vulnerability scanning against our product to ensure we find and patch security issues as soon as they are discovered.
Third-party Penetration Testing
We hire security experts on an annual basis to perform extensive penetration testing across the LAD365 infrastructure to ensure we maintain security and compliance.
Availability and Disaster Recovery Plan
Our security incident SLA and incident response plan is discussed here.
We provide high-availability and failover in the event of a disaster by locating services in Azure datacenters hosted in geographically redundant regions.
The regions used are West US 2, East US, East US2, West Europe, UK South, East Asia and South East Asia.
For more information on these physical locations, please see: https://azure.microsoft.com/en-us/global-infrastructure/geographies/.
Personnel Security
CBA is Privacy Mark certified, which means that our staff are trained according to strict rules and regulations regarding how to handle private and confidential data.
We also implement the human resource security requirements of ISO 27001.
Security Compliance
ISO 27001 Certified
CBA as a company is ISO 27001 certified, and a copy of our certificate can be viewed as an attachment on this page.
Data Retention
-
Chat transcript data is retained for 13 months. For more information, see Will all chat transcripts be stored within Dynamics 365? – Live Assist for 365 Support.
- If longer retention periods are required, a duplicate of the chat transcription data can be set to be stored in a customer's Dynamics CRM database, which will then be kept according to retention policies defined by the customer in Dynamics.
- Event/Audit logs related to the Live Assist and Dynamics CRM configuration are kept for 6 months. This includes events related to provisioning of accounts, user logins successes and errors, chat activity starts and chat activity closes.
Privacy Policies
The privacy policies for Live Assist for Dynamics 365 can be found here:
Communication Business Avenue's privacy policies can be found here:
LAD365 powered by CBA is fully GDPR compliant. More information can be found in the GDPR compliance statement, attached to this page.