Compliance
CallQA maintains comprehensive compliance with global regulations and industry standards to ensure your data is protected and your business meets its legal obligations.
Compliance Overview
Compliance with international regulations and frameworks
Industry-recognized certifications and attestations
Independent third-party audits and assessments
Comprehensive compliance documentation available
CallQA is committed to maintaining the highest standards of compliance across all aspects of our operations. Our comprehensive compliance program ensures that we meet or exceed regulatory requirements while providing you with the tools and documentation you need to meet your own compliance obligations.
Our Compliance Commitment
- Continuous monitoring and improvement
- Regular risk assessments
- Employee training and awareness
- Transparent reporting
Compliance Benefits
- Reduced regulatory risk
- Enhanced data protection
- Improved customer trust
- Competitive advantage
Regulatory Compliance
Full compliance with EU GDPR requirements for processing personal data of EU residents.
Key Requirements Met:
- Lawful basis for processing
- Data subject rights implementation
- Data Protection Officer (DPO) available
- Data Protection Impact Assessments (DPIA)
- Breach notification procedures
Compliant with California's privacy law providing enhanced consumer privacy rights.
Consumer Rights Supported:
- Right to know what data is collected
- Right to delete personal information
- Right to opt-out of data sale
- Right to non-discrimination
HIPAA compliant for healthcare organizations processing protected health information (PHI).
HIPAA Requirements:
- Privacy Rule compliance
- Security Rule implementation
- Breach Notification Rule
- Business Associate Agreements (BAA)
SOC 2 Type II certified for security, availability, processing integrity, confidentiality, and privacy.
Trust Service Criteria:
- Security - System protection
- Availability - System accessibility
- Processing Integrity - System completeness
- Confidentiality - Data protection
- Privacy - Personal data handling
Industry Standards
International standard for information security management systems (ISMS).
Privacy information management system extension to ISO 27001.
Payment Card Industry Data Security Standard for secure payment processing.
National Institute of Standards and Technology Cybersecurity Framework.
Center for Internet Security Controls for cyber defense.
Federal Risk and Authorization Management Program compliance.
Data Residency
Global Data Centers
CallQA operates data centers in multiple regions to meet your data residency requirements:
North America
- US East (Virginia)
- US West (California)
- Canada (Toronto)
- Mexico (Querétaro)
Europe
- EU West (Ireland)
- EU Central (Frankfurt)
- UK (London)
- Switzerland (Zurich)
Asia Pacific
- Asia Pacific (Singapore)
- Asia Pacific (Tokyo)
- Asia Pacific (Sydney)
- Asia Pacific (Mumbai)
South America
- South America (São Paulo)
- South America (Bogotá)
Data Residency Options
Standard
Data stored in nearest available region for optimal performance
Regional
Data stored within specified geographic region (e.g., EU, US)
Country-Specific
Data stored within specific country (Enterprise only)
Cross-Border Data Transfers
For customers requiring data to remain within specific jurisdictions, we provide:
- Standard Contractual Clauses (SCCs) for EU data transfers
- Adequacy decisions for approved countries
- Binding Corporate Rules (BCRs) for internal transfers
- Data Processing Agreements (DPAs) for all customers
Compliance Documentation
We provide comprehensive documentation to help you understand and verify our compliance posture. Available documents include:
Certifications
- SOC 2 Type II Report
- ISO 27001 Certificate
- ISO 27701 Certificate
- PCI DSS Attestation
Policies
- Information Security Policy
- Data Privacy Policy
- Incident Response Plan
- Business Continuity Plan
Agreements
- Data Processing Agreement (DPA)
- Business Associate Agreement (BAA)
- Standard Contractual Clauses (SCCs)
- Service Level Agreement (SLA)
Reports
- Annual Compliance Report
- Transparency Report
- Security Assessment Report
- Risk Assessment Report
Request Documentation
Additional compliance documentation is available upon request. Contact our compliance team at compliance@callqa.com for specific requirements.
Compliance Audits
Audit Schedule
Our compliance program includes regular audits by independent third parties:
Annual Audits
- SOC 2 Type II
- ISO 27001/27701
- PCI DSS
- Internal Controls
Quarterly Reviews
- Compliance Status
- Risk Assessment
- Policy Updates
- Training Effectiveness
Audit Process
Planning
Define audit scope, objectives, and methodology
Assessment
Evaluate controls against requirements and standards
Reporting
Document findings and recommendations for improvement
Remediation
Implement corrective actions and track progress
Audit Results
Clean Audit History
CallQA has maintained a clean audit history with no material findings in the past 3 years. All audits have resulted in successful certification or attestation.
Contact Compliance Team
Our dedicated compliance team is available to answer your questions and provide assistance with compliance requirements.