Building a secure-by-default support floor
Security in BPO operations is usually retroactive. A breach happens, controls get bolted on, the deck gets longer. We started from the opposite premise: design the floor so the controls procurement asks about already exist, and the architecture artefacts we send out under NDA already match what we operate.
This post is a tour of the load-bearing pieces. Not the full SOC 2 control set — just the ones that change how the operation actually runs.
Your tenants, your data
The most important architectural choice is the one most BPOs avoid: we operate inside your Zendesk, Ujet, and CRM tenants. There is no Seneca-side shadow database with customer PII, transcript copies, or recording archives sitting outside your control.
What that means in practice:
- Data retention follows your policy and your BAA, not ours.
- When a customer issues a deletion request to you, executing it deletes the record everywhere — no rogue copy in our infrastructure to chase.
- Your auditors review your tenant logs; ours just shows agent activity within it.
Endpoints designed for the job
Agents work from managed workstations. The build is intentionally boring:
- Full-disk encryption, screen-lock policies, no local PII storage.
- No removable media — USB ports blocked at the OS level, not by policy.
- Fortinet VPN for all customer-tenant access. Per-pod egress rules so a fintech engagement's traffic can't accidentally cross a SaaS engagement's perimeter.
- Screen-recording controls applied per pod — for PCI engagements, fields with cardholder data get masked in the recording before it's even captured.
We treat the workstation as part of the security perimeter, not a separate concern.
Incident response that's been rehearsed
A runbook nobody has practiced is documentation, not a runbook. Ours covers:
- Isolation paths for a compromised workstation or account.
- Client notification timelines that match contractual obligations.
- Third-party forensic engagement triggers and contacts.
- Regulator notification flows where applicable.
We rehearse it quarterly with a tabletop, and we update it after every rehearsal. The most recent change came from a tabletop where we realized our "client contact" entry was a single email address — what happens at 3 AM Saturday? Now there's a primary and a backup, both phone numbers.
Physical resilience
The Kigali floor runs on dual independent high-speed circuits with automatic failover. A grid outage cuts to generator within seconds — agents notice the UPS click, not the floor going dark.
This matters less for security posture and more for SLA continuity, but it's the same instinct: design out the failure mode before you have to explain it.
What the evidence package looks like
Every control we operate is documented as it goes live, with the architecture diagrams and control mappings shared under NDA so your security team reviews the same artefacts we work from. There is no "marketing version" of our posture and an "engineering version" — only one set of documents.
If you want to see what we send to procurement, ask for it. The doc is short on purpose.
Let's talk
Ready to upgrade your customer experience?
Share your stack, channels, and SLAs. A founder will reply within one business day with a tailored plan and quote.
