Technical Security Architecture (TSA) Information Life Cycle

Most information regulations require the management of classified information throughout its life cycle. This includes all aspects of the information flow:

  • Creation

  • Access

  • Modification

  • Deletion

NICE CXone often has contractual obligations that affect the information life cycle. This page details the general requirements for the information life cycle.

Creation

The following groups/users can create information in CXone:

  • NICE CXone.

  • Business units.

  • Customers.

Users can create information through a UI or APIClosed APIs allow you to automate certain functionality by connecting your CXone system with other software your organization uses.. CXone can also create information automatically. For example, CXone automatically creates information when an agent handles an interactionClosed The full conversation with an agent through a channel. For example, an interaction can be a voice call, email, chat, or social media conversation..

Any creation of information is seen as a request by the business unit to process the information based on its classification. The business unit, or data controller, is responsible for having a legal basis for all information creation. They are responsible for creating information without violating any of the following:

  • Agreements.

  • Security controls.

  • Business unit compliance requirements.

Access

Access to information is controlled by CXone through role assignments and permissions. Access to Customer Sensitive Information should be logged. Reports on this information should be available to the business unit. Access to other classes of information is not logged.

Modification

Modification of information is controlled by CXone through role assignments and permissions. Modifications should be logged. Reports on information modification should be available to the business unit.

Deletion

Information can be deleted from CXone. You can manually delete information or set up automated deletion. When information cannot be deleted, it can be anonymized in a way that meets compliance requirements.

CXone may also provide the ability to prevent deletion. Deletion prevention can be done in the following ways:

  • As part of a legal hold which preserves information for a legal request.

  • By storing information in WORM systems that meet financial or other regulations.

Life Cycle Capabilities

The life cycle capabilities for a type of information can be summarized as follows:

  • User-driven: A user manages the entire life cycle.

  • System-driven: The system manages the entire life cycle.

  • Hybrid: A combination of system and user-driven.

  • Advanced: System-driven but user-configured, including configuring retention periods.

Business units should understand the life cycle for the type of information that pertains to them.