HOW SOTERIA WORKS

Defining Proactive Compliance

Empowering Industry, Defining Proactive Compliance

FAQs

Is Soteria™ suitable for MiFID II?

Yes. The platform is designed and built with Security and Integrity of Data Objects at its core. Soteria™ can normalise all data source types and reconstruct them against an individual user, a timeline or specified keywords, on a global lookup basis and as a single-pane view. The solution is a perfect and scalable fit for companies who need to be compliant under MiFID II, where they are required to demonstrate that all Telco to IP-based communications have been recorded, as well as showing “Best Execution” practice.

Is Soteria™ suitable for GDPR requirements?

Yes. With personal data – and its correct management and control – now critical for all businesses, the Soteria™ platform can process Data Management and Record Control, complete with a full Audit trail with ease. Its modular and cost-effective cloud deployment option, enables a ‘Pay As You Use’ approach to suit all, keeping companies compliant yet equally efficient.

Who is Soteria™ suitable for?

Any industry, especially those that are regulated, or that place a high value upon protecting their corporate data. i.e. Financial Institutions, Legal Businesses, Governments, Healthcare and Pharmaceutical companies.

How secure is the Soteria™ platform and its storage?

The portal is a secure, private cloud, and can only be accessed through an IPSEC/VPN, or a private connection; it cannot be accessed through any other interface but the client’s intranet. The platform has been designed to meet all current regulations and is penetration tested every quarter. It is also approved by over 175 top Tier 1 and 2 Financial Institutions globally, be that via private wire or portal. We can additionally offer on-premise or edge-based data storage, thus meeting the needs of the most demanding client security policies.

How is data captured and where is it stored?

Data is captured in real-time through our Soteria™ portal and is integrated via VMware or dedicated physical hardware. It is then archived in our cloud storage facility, ensuring that it is available wherever and whenever required, using our highly secure compliant cloud services. This data can then be shared on a private cloud or delivered on-site.

Does the Soteria™ platform record all forms of communications?

Yes, the platform captures all forms of media, some of which are; fixed line, mobile voice, SMS, IM, email, Skype for Business, social media, and trade feeds and news, including Bloomberg and Reuters. We also capture multi-channel trading data and legacy-archived data.

Does Soteria™ record social media types?

Yes, the platform captures all forms of media, for example LinkedIn, Twitter and Yahoo chat; we just take a corporate feed from the end client. If however the social accounts are personal, and held on a personal device, data from these sources cannot be compliantly captured and is a point for the business to consider managing through their compliant policy.

Does Soteria™ capture WhatsApp messages?

Although yes we have the technology to capture What’s App with a device application or MDM solution loaded onto a corporate device, when looking at GDPR and Data Protection regulations, businesses have to be able to handle personal and business traffic without breaching guidelines. We therefore strongly advise our clients to eliminate the use of this chat medium through company policy.

Does Soteria™ capture Skype for Business and Bring Your Own Device solutions?

Yes, the platform captures all elements of Skype for Business, including voice, video and IM. We additionally capture voice, conferencing and IM from the Venncomm TALK BYOD app-based solution, which is built within the Good Technology environment.

Does Soteria™ transcribe voice recorded calls?

Yes, the platform captures all forms of voice media, some of which are; fixed line, mobile, BYOD-based calling apps, and Trader Turret solutions such as IPC, Speakerbus and the enepath Eclipse tablet. Using our Automatic Speech Recognition (ASR) engines, we then transcribe these calls in either real-time, or 1-day or 3-day batches. Soteria™ can integrate to multiple ASR platforms, such as Nuance Dragon or indeed the client’s own solution, and is agnostic where this is concerned.

Does Soteria™ have the ability to take my in-line voice call recordings?

Yes, the platform captures these at either a SIP or TDM level, through any voice switch such as Cisco Call Manager, Avaya or Mitel. This allows clients to move their recording service away from the likes of Nice, Verint, and Redbox etc., and straight into our cloud recording solution, saving long term managed service costs and delivering greater ROI.

Does Soteria™ ingest other mobile call recordings outside of Truphone?

Yes, the platform can ingest feeds from any existing Mobile Recording supplier in batch overnight format, aligned to a user profile. Alternatively, we offer an over-the-top ‘Bring Your Own Device’ application, via our partner Venncomm, which works with current network provider solutions, whether they have previously used a MR solution or not.

How do you gain voice profiles for users?

When on-boarding clients who require “Voice to Text” services, we sit with each user and get them to read a 5-minute tuned call script, which we then assign to their user capture profile. This is then loaded against all their call types to deliver the best transcription possible. For increased accuracy, each user can read a longer 20-minute script, which again gets loaded in the same way. Clients are happy to do this as the initial small investment in time vs. the benefits they see from increased efficiency, such as CRM population, is considered minimal.

Does Soteria™ work with CRM platforms such as Sales Force?

Yes, Soteria™ facilitates increased efficiency to businesses by harnessing the power of its Voice to Text engine, transcribing voice calls and then enabling pre-population of CRM platforms with text fields, aligned to the call recording file. This can additionally be used for deal tickets and “Best Execution” folders.

Can you programme Soteria™ to search and locate keywords?

Yes, the platform has powerful Search and eDiscovery functions, which, either via batch loading keywords, or inputting them in individually, can proactively flag alarms and alerts to notify users when any word appears within a call or electronic communication.

Does Soteria™ search data locally or globally?

Both. The platform’s architecture enables multiple permission views of the globally stored data, from a “see all” Super Administrator view, to a single Head of Desk view. Keywords can be searched via basic searches, or more advanced ones, such as “Wildcard”, “Fuzzy”, or “Proximity” searches.

Does Soteria™ have common API feeds?

Yes, the platform can be used to interface with existing “Market Abuse Tools”, ingest existing recording solutions, and even legacy data formats. It then normalises the data against an individual user.

What is the maximum number of users assigned by companies?

The platform can store an unlimited amount of users and from any geographic location.

Who are the largest accounts currently using Soteria™?

We currently look after 9 of the top 12 global banks, through our original channel partner, Truphone, with Soteria™ being the embedded in-network recording solution and support for Truphone Mobile Recording (TMR).

What is the smallest sized client using Soteria™?

We support a 2-man Hedge Fund in the City of London with our platform, as via our cloud solution, we can deliver compliance and business efficiency in a very cost-effective fashion.

Does Soteria™ allow multiple user logins?

Yes, the platform permission structure allows individual secure access, pre-set to the level permitted for each user type, either locally or globally.

How do you buy Soteria™?

Soteria™ is built and powered by Insightful Technology, however it is sold through our global and local channel partners to give us the reach and best-in-country support that the solution needs. Some of our partners include Truphone, Telstra, 6 Degree’s, Capital Support Group, Daisy Communications and Venncomm.

How cost effective is Soteria™?

Given the modular and scalable nature of the entire solution, and it’s ability to make multiple communication storage silos and user licences redundant (as and when required), thus centralising all of your data into one place, Soteria™ is cost-effective from one user to thousands.

Is Soteria™ user friendly?

Yes, the platform operates using a simple navigation flow and tree structure, allowing clients to carry out all manner of data management and analysis with ease, and facilitating fast and straight forward case reconstruction.

How long does a typical installation take for the Soteria™ Platform?

If Soteria™ is installed using VMWare and IPSEC VPN, and assuming that there are no more than an average of 6 data source types to be collected, you can be fully live, installed, trained and signed off in 3-4 weeks.

What is the turn around time for case reconstruction?

The platform works in real-time, triggering proactive alarms & alerts, which allows case reconstruction to be created instantaneously, meeting regulatory time requirements. A powerful Search and Filter functionality enables regulators and investigators to access accurate and quickly collated cases within a few minutes or hours, depending on the volume of data stored globally.

What type of information does Soteria™ audit?

All actions within the portal are fully audited with a history of who executed them, as well as the login user, date & time, action, web site browsing, searches, data, recording playback and traced IP addresses of the web client.

Does Soteria™ export information?

Yes. If you have permission, you can export the data in raw format and download it as a spreadsheet, in a regional single view format.

What regulations does the software comply with?

Due to it’s design, and in order to meet with evidential weight requirements, Soteria™ consequently enables users to fully comply with many different industry compliance regulations, such as:

BSI BIP 0008 – A code of practice on the legal admissibility of information stored in electronic document management systems

BSI DISC PD 5000 – An international code of good practice in five parts for electronic documents and e-commerce transactions as legally admissible evidence

Dodd-Frank Act (USA)

Financial Supervisory Authority (Norway)

Financial Conduct Authority (UK)

GDPR

ISO TR 15801 Electronic Imaging – Information stored electronically

MIFID II (EU)

How is data encryption managed?

All captured objects are stored using a client’s encryption key(s). These keys are stored on the key server and access to this is only available via an API which utilises keys constructed from the login user credentials. These keys, when created, only allow access to a single client’s encryption key set.  No admin portal users have access to the key server.

How can we prove in a court of law that multimedia, collected on site, has not been modified before it arrives in the hosted Soteria™ environment?

Every object that Soteria™ captures has two important keys, that are created at ingress, an Object Collection Guid and a Seal. The Object Collection Guid is a unique identity that is never repeated globally for that object. The Seal is a unique digital key that demonstrates whether an object has been tampered with or deleted.

What is legal hold?

Legal Hold is the ability to prevent captured objects from being deleted once a retention policy has expired. Legal Hold is typically used where there is a requirement to investigate data or present data, to a regulator or other authority.

What is the retention policy and can it be changed?

Dependant on access permissions, login users will see their captured data, or objects, for the duration of the correct retention policy. To modify a retention policy, the request must be processed through the approved administration procedure. Retention policies can never be decreased, only held or increased, with auto deletion built-in once the date point is reached.

How are the keys only accessible to portal log-in user accounts?

Login accounts are unique to the whole cloud infrastructure. A login account can only point at a single client’s data, based on the execution GUID.

Get started

No Canned Demos Here: Watch Soteria Work Live

See how Soteria's modular and scalable approach can make you fully compliant, efficient, and cost effective, in a live demonstration

Request Demo