Cloud Computing Platform

Calabrio uses Amazon Web Services (AWS) and Microsoft Azure as our cloud computing services for building, testing, deploying, and managing applications and services through global network data centers provided by Microsoft or Amazon and managed by the Calabrio ONE Cloud Ops team.

Calabrio has run on Microsoft Azure since 2010 and AWS since 2016. We continuously improve and take advantage of the new innovations from both providers.

Calabrio follows an agile software deployment process that enables us to quickly define requirements, develop new features and solutions, and seamlessly deploy frequent software updates. Calabrio has several cross-functional agile teams across all areas of the Calabrio ONE Suite that includes teams that specialize in Identity and Access Management, Cloud Ops, WFM, Integrations, and more.

Calabrio’s Software Development Life Cycle includes:

• Detection, and remediation of software vulnerabilities on each release
• Use of industry standard tools for managing open-source license compliance
• Annual security training for developers

Calabrio uses a host of security measures to ensure your information is safe in the Cloud. Calabrio ONE automatically encrypts all your data—while it is in use, in transit, and in storage. Calabrio’s multi- tenanted architecture means only our customers have access to their data and no one else. Furthermore, Calabrio ONE has a slew of features that can further increase the security of your data such as,

• Double encryption is used in securing data at rest and in transit with keys unique to each customer
• TLS 1.2 or higher
• RSA-2048 (with asymmetric keys) encryption method that secures data at rest and in transit in AWS
• Transparent Database Encryption (TDE) in Azure
• SSO authentication options
• Role-based access controls (RBAC) supported through configurable permission and view settings

Check out Calabrio‘s commitment to Information Security to learn about the many ways we keep your data safe.

We take privacy seriously, which is why your data is handled with the utmost care. We meet the compliance standards and privacy regulations of a wide range of industries and regions. Calabrio ONE can be configured to meet international data privacy laws such as GDPR and state privacy acts such as CCPA from the state of California. Here are some of the Calabrio ONE features you can use to meet your organization’s compliance requirements:

• Built-in system-wide auditing feature
• Workflows that can delete customer data and records
• Highly customizable storage solutions
• Pause and resume calls when sensitive information is discussed

Find out more about how Calabrio meets your organization’s privacy and compliance needs here: Calabrio Inc. Privacy Policy, PCI Compliance with Calabrio ONE, Security and Compliance, Calabrio is Committed to Information Security, and GDPR Compliance with Calabrio ONE.

Regulatory Compliance

Calabrio ONE is configurable to meet the following privacy standards, laws, and regulations: PCI-DSS for Service Providers HIPAA, and MiFID.

Certification Details

Calabrio ONE undergoes the following audits and tests regularly so you can be sure your data is safe.

• Calabrio Audit Certifications – renewed annually
  ISO27001, ISO 27002
  SOC2 Type I and Type II
  PCI Attestation of Compliance (AoC)
• Penetration Test – completed annually
• Security Vulnerability Scans – completed quarterly
• Calabrio evaluates audit reports annually for Azure, AWS, Salesforce, and others

Calabrio uses continuous delivery to provide corrections, improvements, and new functionality to the service. Typically, the service is updated once a week. To minimize disruption to your service, we schedule maintenance and updates during non-business hours. View upcoming scheduled maintenance on the Calabrio ONE Cloud Status site.

All new features and bug fixes are cataloged in the Calabrio ONE Cloud Release Notes.

Calabrio continuously monitors the service and collects information about usage and service health, such as up-time, security breaches, and performance. View the current Cloud status on the  Calabrio ONE Cloud Status site.

Calabrio has a robust number of measures in place to meet your organization’s business continuity standards. Calabrio’s overall business continuity and crisis plan measures are based on a strategic framework and underlying analysis. Those measures include,

• Built-in high availability via server redundancy
• Built-in anti DDoS mechanisms
• Automatic monitoring and alerting to Calabrio’s cloud team for proactive action See Calabrio Cloud Standard Service Level for more.

Annually, Calabrio conducts a series of audits using third party assessors. These audits include an examination of our Business Continuity capability. Calabrio’s Business Continuity plans are updated annually by the Calabrio Management team. The plans are subject to testing on an annual basis. Calabrio maintains documentation detailing critical roles and employee call lists.

Database backups are an essential part of Calabrio’s business continuity and disaster recovery strategy, and data protection techniques are employed to protect against incidental loss and ransomware threats.

AWS and Microsoft Azure SQL Databases are continuously backed up. Microsoft Azure SQL Databases allow for a point-in-time restore for up to 7 days back in time and thereafter weekly backups are available for up to 5 weeks.

Moreover, Calabrio leverages High Availability infrastructure to ensure uptime of the service:

• Geographically diverse infrastructure in multiple availability zones with load balancing and redundancies in place to mitigate disasters affecting a datacenter
• Built-in protection from Denial of Service
• Automated monitoring and alerting to Calabrio’s cloud response teams

Calabrio ONE allows you to manage retention periods for WFM data, configure storage profiles, and set up external storage locations outside of Calabrio ONE. The Storage Profiles feature allows you to choose which storage location Calabrio ONE uses to store a team’s audio and screen recordings and Analytics data, based on the age of the recording and data files. Overall, Calabrio offers pricing simplicity, bursting for cost-efficient agility, and flexible storage options.

To learn more about data retention and storage see “WFM Data Retention Policy” and “Configure Storage” in the Calabrio ONE Cloud User Guide.

Browsers

Calabrio ONE is accessed over the internet, using modern versions of Chrome, Edge, or Firefox web browsers and remote desktops. Every user needs a unique email address that becomes their username. See the Calabrio ONE Product Compatibility Matrix for the full list of compatible web browsers and remote desktop software.

Ports

Generally, only port 443 to our web services needs to be open to connect to Calabrio ONE. Exact port requirements vary depending on your ACD. See “Port Usage” in the Calabrio ONE Cloud Installation Guide for port requirements specific to your ACD.

Network bandwidth

Generated audio media data that is uploaded to Calabrio for processing and storage requires network bandwidth availability. To ensure no interruption to uploads, voice communications, or any other customer applications, it is highly recommended that you calculate your estimated daily amount of data to upload based on the formulas below and understand how this will impact your network.

Recording Time (Daily Recorded Minutes)

 (# of users) × (# of calls per user per day) × (avg call length (minutes))

Daily Audio Data Upload

The daily size of audio recording data to upload is calculated from your daily recording audio minutes:0.46 MB × recording time daily recorded minutes

Note that if you are using one of our CCaaS partners (and are not recording call audio in your own premises) there will be no requirement for any audio upload. We transfer audio data directly from cloud to cloud for these platforms.

Daily Screen Data Upload

The daily size of screen recording data to upload is also calculated from your daily recorded minutes:

number of screens per agent × 1.5 MB × recording time daily recorded minutes

Note that you may want to extend your daily recorded minutes to account for an extra thirty seconds of after call work recording of the screen.

Other Technologies

Calabrio ONE supports and integrates with many other technologies. For the latest list of supported product compatibility information, check out the Calabrio ONE Supported Product Compatibility List on the User Documentation page of the Calabrio ONE Success Center. The list contains the latest information on operating systems, desktop web browsers, smart device browsers, server operating systems, VMware, thin client servers (remote desktop), and more.

Usage of Calabrio ONE is measured by licenses that grant you legal access. Subscription billing and burst licensing are the two licensing models used for Calabrio ONE-hosted Cloud deployments. When you purchase a subscription to Calabrio ONE, you agree to what Calabrio calls a “minimum monthly commitment”: a minimum number of seats bought at a particular price. If you use more seats than you agree to in your monthly commitment, Calabrio bills you for each of them. These are called “non-committed user fees.” Calabrio bills you periodically: either monthly, quarterly, or annually.

NOTE – The license model may vary depending on your purchased Calabrio ONE products.

See “About Licenses” in the Calabrio ONE User Guide to learn more.

Calabrio works with a variety of platform, reseller, developer, and services partners to create best-in-class contact center technology solutions. Calabrio customers ultimately benefit from our highly successful strategic partnerships. Long-standing relationships, continuous engagement, and shared roadmap visibility position us to provide an intuitive and comprehensive unified communication and workforce optimization solution to contact centers.

More information on Calabrio partners and integrations is available here and in Calabrio Success Center User Documentation.

What is the Calabrio WFM mobile App?

Calabrio WFM mobile App connects to the customer WFM tenant and lets agents use the solution the same way as if they were connected to Mytime from a browser. They can view schedules, trade shifts, send absence or overtime requests in an optimized way for mobile usage.

To use the mobile App, valid WFM credentials are needed and a Permission role allowing access to MyTime.

The App is distributed on Google Play store and Apple App Store.

How is the mobile App working?

The mobile App is working as a wrapper for a web browser that accesses the MyTime WFM application.

What customer data is stored locally in the mobile App?

The only information that the App holds locally is the URL to MyTime. Agent ids, apple ids, passwords, or anything similar are not stored locally in the mobile App.

What data is transferred to and from the mobile App?

Communication to and from the mobile App is secured via https TLS 1.2.

The mobile App communicates with:

• The Calabrio WFM cloud (in a defined Cloud region) for login and data transfer (use of the App such as accessing schedules, trading shifts, making absence/overtime requests…)
• Google Firebase (Global Infrastructure) for:
  • In-App push notifications (via Firebase Cloud Messaging)
    • On initial start-up of the mobile App, the FCM SDK generates a registration token for the mobile App instance. This will be used to identify the mobile device in future so that notifications can be sent to the specific device.
    • When an agent successfully logs into the mobile App, we store the token for the current logged in agent within the Calabrio WFM database. This is the only place that the association between an agent and the registration token is stored – we do not send any agent information from Calabrio WFM (such as Agent ID) to Firebase.
    • When a notification is sent to the users, the messages are encrypted in both transport and while they are stored on Google’s servers. This happens during a short period of time and the messages’ payload is not retained on Google’s data centers.
    • It is possible for an agent to be associated with many different devices. In this scenario, when a notification is sent, then there will be multiple tokens associated with that agent in the WFM database and the notification will be sent to all devices associated with that user.
    • In-App push notifications are used to automatically send information on significant shift changes to the concerned agents, or free text notifications sent by a Manager to a group of Agents on demand.
• Crash reports (via Firebase Crashlytics)
  • Information containing the type of mobile hardware, software is logged together with the crash reports to enable Calabrio software engineers to act upon them and ensure quality of the service.
  • These do not contain information about individual users.
  • On initial startup of the mobile App, users can choose to opt in/out this service.
• Usage statistics (via Google Analytics for Firebase)
  • Anonymous data collected to improve the mobile App.
  • Full information on Data collection from Google Analytics for Firebase can be found here: https://support.google.com/firebase/answer/6318039?hl=en&ref_topic=6317497
  • On initial startup of the mobile App, users can choose to opt in/out this service.