The blackchair LOGO
CONTACT US
BOOK A DEMO

Customer experience FAQs

Customer experience FAQs

Read our FAQs below for insight into the Blackchair platform and how it works

What technology languages/platforms are utilized in the application? 

We use several components to optimize each part of the Blackchair platform.

Does the Blackchair platform operate on-premise or on the cloud?

The Blackchair solution can be customized to run on the cloud, on-premise or a combination of both, depending on how you want to run the setup.

What cloud providers do you use to support your services?

Our clients require consistent, high-quality performance, so we work with only the best cloud providers - Amazon, Google, and Microsoft

What security practices are you following?

We have researched the best security practices recommended by Amazon, Google, and Microsoft and built our data policies around these security practices.

What countries are you deployed in, if any?

We are not restricted to any country, geography or data center; we operate based on our client's requirements.

Do you offer an on-premise solution for your customers?

Yes, on-premise is an option available for clients who want it, alongside our cloud deployment offerings.

Do you require personal data? If so, can you describe what you need?

No, Blackchair does not require or carry any personal company data for services rendered.

Which class of employees have access to personal data - full-time staff or third-party contractors?

No, we do not have any access to personal or sensitive data because we do not request that kind of information from our clients.

Do you keep sensitive data in hard copy? If so, please describe.

No, we do not request any sensitive data or store it in hard or soft copy.

What are the processes for taking out customer data?

We do not store any customer data.

Do you have an internal password policy?

Yes, we have a strict internal password policy.

Can third-party vendors access your customers' information? If so, please list the vendors who access your customers' information.

No, third-party vendors cannot access customer systems and information. 

How often do you review your information security policies?

We review and update our information security policies once a year.

Are your information security and privacy policies aligned with industry standards?

Yes, our policies are in line with industry standards like ISO-27001, NIST Cybersecurity Framework, ISO-22307, and CoBIT.

Do you have an option that allows for an exception in extenuating circumstances?

We have a policy exception process to better support our clients.

Do you conduct background checks on your employees?

Yes, all our employees - including third-party contractors - are subject to background verification.

How would you handle a change in employment status or a termination?

Following a change in employment status or termination we include timely revocation of access and return of assets.

Describe the tools you use for vulnerability management.

Our third-party penetration testers use all the tools necessary to conduct a detailed, comprehensive test.

Do you regularly evaluate patches and updates for your infrastructure?

Not applicable.

Have you uniformly configured the host where the service is running?

Yes, we have uniformly configured the hosts.

How many engineers/operations staff review changes to the production environment?

Yes, we make sure that any changes made to the production environment are reviewed by two engineers.

What is your process for making changes to the network configuration regularly?

No, we do not make changes to the network configuration regularly.

How do you protect network traffic travelling from public networks to the production infrastructure?

Yes, any network traffic going through the production infrastructure are cryptographically encrypted connections like TLS, VPN, IPSEC, etc

What measures do you take to protect network traffic over public networks and production infrastructure?

We use the AES-128 framework cyptographic frameworks to store passwords.

What process do you have for logging all security events?

We maintain a log of all security events. When an event is flagged we will log in and conduct an internal review.

Do you have a Security Incident Response Program in place?

Yes, we have a Security Response Program. When a security breach occurs, the incident is logged in our incident management system. We will then investigate the breach and take remedial action, if necessary.

Do you test your Incident Response Plan? If so, please describe how it is tested.

We have an incident response plan in place. We simulate security incidents and study how the incident management team responded.

Do you have a formal service level agreement (SLA) for incident response?

Yes, we have prepared a formal service level agreement, specifically for incident responses.

Do you do static code analysis?

Yes.

What processes do you have in place to ensure code is developed securely?

A set of tools is used to perform static code analysis securely. In case of vurnerabilitiy the results will be selected for further analysis, and broken down by source code language, issue type, and priority.

Do you incorporate threat modeling into the design phase of development? What are the processes involved?

Yes, the threat modeling is part of our agile process. When the system changes, we measure the security impact those changes might have during a sprint/feature build.

Do you train developers in SSDLC/ Secure Coding Practices?

Yes, we train developers in Secure Coding Practices, especially those who are doing code reviews, architecture analysis, and design reviews.

What percentage of your production code is covered by automated tests?

A set of tools is used to perform static code analysis securely. In case of vurnerabilitiy the results will be selected for further analysis, and broken down by source code language, issue type, and priority.

What system do you have in place to validate build artifacts from promotion to production?

We have a pre-production system to validate build artifacts for promotion and production.

Do you maintain a bill of materials for third-party libraries or code in your service?

Yes, we maintain a bill of materials for third-party libraries or code.

Do you outsource development to third-parties or is there open source project inclusion?

Yes, we contract third-parties on certain projects.

What is the process for authenticating users?

The method of authenticating users changes based on whether the system is integrated into the cloud or in on-premise windows. If the system is installed on-premise, then we use pass-through authentication. However, if the system is installed on the cloud, we utilize an internal authentication process. This applies for both public and private cloud platforms, the only exception being when we use third-party authentication.

Does your application allow user MFA to be enforced by admins?

Yes, admin users can enforce multi-factor authentication provided they have purchased the option.

What audit trails and logs are used to access customer data?

We do not store any customer data.

Does your application allow for custom data retention policy for customer data?

We do not store any customer data.

Does your application provide a sandbox environment to customers for testing?

Yes, applications provide a sandbox environment to customers for testing provided they have purchased the option.

Do you conduct internal audits of the service? If so, please describe the scope, remediation process, and frequency of audits.

Our internal audits cover system performance, security incidents, and customer raised incidents. We conduct the audit on a quarterly basis.

What IT operational, security, privacy related standards, certifications and/or regulations do you follow?

We follow the regulations associated with ISO 27001 and 27701.

Book a demo and see for yourself!

Automate contact center capabilities, free up resources, and achieve cloud migration excellence.

BOOK A DEMO