Security and Auditing

Security

Modern enterprises need to know their communications protocols are secure.  Your QOCCA session is fully encrypted end to end.

What happens at the start of your QOCCA session:

  1. QOCCA attempts to connect to the QOCCA service.
  2. QOCCA requests the QOCCA service identify itself.
  3. The service sends QOCCA a copy of its security certificate.
  4. QOCCA checks whether it trusts the certificate.  If so, it sends a message to the service.
  5. The service sends back a digitally signed acknowledgement to start an encrypted session.
  6. Encrypted data is shared between QOCCA and the QOCCA service.

Security-Diagram

ex Please note QOCCA’s end to end encryption is not applicable to QOCCA call services.  These services are routed through your mobile network provider.  However the QOCCA call services themselves are not hosted by 3rd party providers.   All QOCCA conferencing runs on our own call servers.

End to end encryption of your session data is good.  But what of the data itself.  A key part of security is full control over your information.

You’ve probably read already the concept of QOCCA Message Threads.  In the Messaging section we stated :

Think of message threads as topics in which you have ongoing dialogues with your QOCCA teams and users.’

Think about the case where you send a message as part of a thread and some of the recipients are offline.  QOCCA must retain the message you sent in order to forward it to the intended recipients when they come back online.

But at some point you don’t want the information in that dialogue to be freely available anymore.   Each QOCCA message has a Time To Live.  Once that time has expired users will no longer be able to download or access the message.  The message is removed from their device.

Regardless of the Time To Live period, the local device will remove the message based on it’s own internal Keep Period modifiable in the local QOCCA Settings.

This is especially important in an enterprise where devices are shared between employees.   Data retention is restricted to the scope of the message.

Auditing

Did you know QOCCA is used in alerts based emergency services?  That’s why auditing is fully integrated into QOCCA.  Emergency services need to know they can return to the scene of the crime so to speak at any time to re-examine and analyse an incident in order to improve response time and internal processes for future incidents.

Of course this paradigm isn’t limited to emergency services.   And often an audit trail is a legal obligation.

QOCCA gives you the auditing tools to archive and learn from past incidents.  Every call, every movement, every video, voice and other message is right at your fingertips.  You can follow each message thread as it happened in timeline format.  You can listen to the conference call where decisions were taken to analyse ways to do it better next time.

With QOCCA you’re covered.

Of course how long you keep this data is up to you.   It’s all configurable with QOCCA.