Compliance at Callzilla is embedded into our operating model.
Our certifications are not simply badges; they represent structured processes, disciplined governance, and continuous oversight designed to protect client data and ensure operational integrity.
We maintain PCI DSS, SOC 2 Type II, HIPAA, and CCPA compliance as part of a broader framework that integrates security, accountability, and performance across every interaction we manage.
This foundation allows us to deliver scalable, technology-enabled customer experience solutions without compromising trust.
PCI DSS Verified
Callzilla maintains PCI DSS compliance to ensure the secure handling of payment card data across all relevant programs.
Established by the PCI Security Standards Council, PCI DSS defines comprehensive security requirements for organizations that process, transmit, or store cardholder data. Our approach includes continuous risk assessment, proactive remediation, secure system architecture, and documented reporting practices. PCI compliance is embedded across departments, reinforcing protection at both the technological and operational levels.
SOC 2 Type II (System and Organization Controls)
Callzilla holds SOC 2 Type II certification, validating both the design and sustained effectiveness of our internal controls.
Under the Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, and Privacy), our controls are independently evaluated over an extended period, providing assurance of consistent operational performance and data protection. This certification reflects our commitment to structured governance, risk mitigation, and reliable service delivery at scale.
CCPA (California Consumer Privacy Act)
The California Consumer Privacy Act was implemented in 2018 to give consumers more control over the personal information businesses collect from them. The CCPA regulations were created as guidelines for the act, and these are the guidelines that Callzilla adheres to. While only California residents have rights under the CCPA, these guidelines are widely implemented as company policy.
The CCPA defines personal information as your name, social security number, email address, records of products purchased, internet browsing history, geolocation data, fingerprints, and inferences from other personal information that could create a profile about your preferences and characteristics. However, any publicly available information from government records (like professional licenses or property records) would not be protected under CCPA.
Rob Bonta, the Attorney General in California, summarizes the privacy rights as:
- The right to know about the personal information a business collects about them and how it is used and shared.
- The right to delete personal information collected from them (with some exceptions).
- The right to opt out of the sale of their personal information.
- The right to non-discrimination for exercising their CCPA rights.
HIPAA (Health Insurance Portability and Accountability Act)
The Health Insurance Portability and Accountability Act is a federal law implemented in 1996 to specifically protect one’s sensitive health information. Under this national standard, this kind of sensitive health information cannot be shared without a patient’s knowledge or consent.
Callzilla is HIPAA compliant, which means we adhere to the HIPAA Privacy Rule and Security Rule. The Privacy Rule safeguards protected health information (PHI) with a list of standards that address the use and disclosure of individuals’ health information. This covers healthcare providers, health plans, healthcare clearinghouses, and business associates.
According to the CDC, the Privacy Rule does not apply in these cases:
1. When required by law
2. Public health activities
3. Victims of abuse or neglect or domestic violence
4. Health oversight activities
5. Judicial and administrative proceedings
6. Law enforcement
7. Functions (such as identification) concerning deceased persons
8. Cadaveric organ, eye, or tissue donation
9. Research, under certain conditions
10. To prevent or lessen a serious threat to health or safety
11. Essential government functions
12. Workers’ compensation
The HIPAA Security Rule protects a subset of that PHI, specifically any PHI received in electronic form. To remain compliant, Callzilla follows the standards outlined by the Security Rule:
• Ensure the confidentiality, integrity, and availability of all electronic protected health information
• Detect and safeguard against anticipated threats to the security of the information
• Protect against anticipated impermissible uses or disclosures
• Certify compliance by our workforce
In summary, we respect and value our customers’ privacy. It’s important to us to reinforce these standards on a yearly basis, so we work hard to implement these practices company-wide to earn our certification renewals each year. If you have any questions on these standards and practices, feel free to contact us!
PCI DSS (Payment Card Industry Data Security Standard)
PCI DSS is perhaps the most common certification, and it is important if your contact center collects credit card information from your customers. Referred to as PCI for short, it’s an industry standard designed to make it safer to use credit cards online by making sure that businesses collecting credit card data transmit and store it securely. If you keep your systems secure, customers can trust you with their sensitive payment card information. As the Security Standards Council enhances its requirements, Callzilla renews its certification to ensure the standards are up to date with best practices.
How exactly does PCI help protect your customers’ data against theft? Here are the 3 steps provided by PCISecuritystandards.org:
Assess — identifying all locations of cardholder data, taking an inventory of your IT assets and business processes for payment card processing and analyzing them for vulnerabilities that could expose cardholder data.
Repair — fixing identified vulnerabilities, securely removing any unnecessary cardholder data storage, and implementing secure business processes.
Report — documenting assessment and remediation details and submitting compliance reports to the acquiring bank and card brands you do business with (or other requesting entity if you’re a service provider).
IQ Net
As a quality management system, Callzilla’s ISO 9001:2015 certification ensures that our processes are well documented and followed.
Under this requirement, each department must:
a) demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, and
b) aim to enhance customer satisfaction through the effective application of the system, including processes for improvement of the system and the assurance of conformity to customer and applicable statutory and regulatory requirements.
Callzilla’s certification code is SC-CER822628-2
For more information, visit ISO’s website.






