The Intelligent Appointment Scheduling Blog

Key Information Security Concerns to Consider When Looking for an Appointment Scheduling Vendor

Cybersecurity vulnerabilities pose an ever-increasing threat to today’s enterprise. Faced with substantial penalties from any potential loss or misuse of data, businesses are under intense pressure to maintain secure integrations across all of their business processes—including those involving external vendors.

Regardless of the service, it’s more important than ever to work with trusted vendors. For a vendor to become a trusted partner, they must make it a top priority to protect the data they handle for you and demonstrate the security of their products. This means having robust and demonstrable information security controls and programs.

Here are some key security elements you should look for when deciding whether to work with a scheduling vendor:

Security for you and your customers

Web security 101 dictates the use of HTTPS. Does your vendor use HTTPS? It is critical to verify that the appointment scheduling vendor you choose passes traffic securely, especially over public networks, for example when data collected in a web browser is transferred to the vendor’s platform. This limits the risk that hackers sniffing web traffic can read any personally identifiable information (PII) or passwords while in transit.

It is also important to ensure similar security protections for the vendor’s marketing website and/or administrative interfaces, which may not be hosted on the same platforms where you interact with your subscription(s).

Is your vendor committed to data security? Prove It.

Is your vendor committed to the security of your data? What good is encryption if the company itself is not following sound practices to protect its employees and customers? This is where most scheduling vendors fall short, leaving you—the customer—exposed to risk.

A controls audit by an independent third-party reviewer is a critical step to ensure that the vendor you’re working with is serious about security. Requiring a SOC 2 report from each of your vendors is a good place to start.

Businesses that have a current SOC 2 Type 2 report are demonstrating, via the independent third party’s assessment, that they have implemented security practices and controls that focus on data privacy, security, availability, process integrity, and confidentiality. A completed report helps you verify that the security controls and practices have been implemented and successfully maintained over the audit period.

Following International Security Practices

Does the provider enable your company to abide by the security and privacy laws that are relevant to your business or industry? This is another important factor when choosing a scheduling vendor.

A perfect example of this is the European Union’s 2018 General Data Protection Regulation (GDPR), which requires all companies working with data originating from persons within the EU to handle and process that information according to strict guidelines. GDPR compliance can be complicated, and there are penalties for getting it wrong, especially when integrating workflows with other vendors, so it’s important that vendors have a firm grasp of GDPR compliance!

Having a trusted partner—one who has “been down this road before”—will help identify the pitfalls of compliance. TimeTrade has customers from around the globe and in all manner of industries. We are proud of the work we have done, the experiences we have earned, our outstanding support staff and the product features that help our customers meet their important regulatory obligations.

Making Security Easier for You

Security and compliance are difficult challenges for an enterprise—more so than in the days of running your enterprise from within a “server closet”. Do your service vendors support Single Sign-On (SSO)? Single Sign-On support is a capability only a select few appointment scheduling vendors offer. It is a powerful tool that helps employees secure connections with online services and globally maintain user security requirements, such as two-factor authentication, across all your online services. When an employee leaves a company, for example, the business can remove access to all of the vendor’s services or products in a timely manner.

Finally, is your appointment scheduling vendor implementing the latest security enhancements from key integrations between third parties? Some TimeTrade products have strong integrations with Salesforce platforms and can leverage the Salesforce Shield offering. Shield is a set of security tools incorporated by Salesforce that protects customer data stored on their platforms and creates a traceable ledger to monitor activities taking place within a customer’s Salesforce instance. This gives your security team a powerful advantage to track and fight back against accidental or malicious activity.

There is much to look out for when considering an appointment scheduling partner. Of course, you need to deliver a great experience to your customers when scheduling and you must optimize your employees’ workflows to generate more meetings and opportunities faster. BUT you’re also working with important business data and with your customers’ personal contact data. You need to work with a trusted vendor, one that is focused on enabling and protecting both you and your customers.

Written by Bruce Brown

As Chief Information Security Officer, Bruce leads TimeTrade's commitment to protecting customer data. He directs Information Security strategy, policy and operations, and manages the overall Risk Management and Information Security Programs. Bruce joined TimeTrade in 2010 and has 20 years of technical, information security and cloud hosting operations experience. He is a Certified Information Systems Security Professional (CISSP) and Certified Cloud Security Professional (CCSP).
