This software version will be a minor functionality release to improve usability, security and privacy controls of ICwhatUC.
Pre-Call Change Requests
Logging Consent
When an end-customer clicks on the ICwhatUC Video link, they are required to provide access to their Microphone and Camera in order to join the ICwhatUC video call. We now log each time an end-customer provides this consent in a “Consent Log”. The following information is captured:
- ICwhatUC Workspace
- ICwhatUC Session hyperlink
- End-Customer phone number
- End-Customer device information
- Date & Time of consent
- Consent Type = “Microphone & Camera”
We have added a configurable second consent step to verify that end-customers understand that ICwhatUC video calls are recorded.
Adding Video Recording Consent
This consent step can be configured within the Workspace, in the General Settings, below the customized SMS message. Similar to the post-call options, if this text box is left blank, the secondary consent step will be skipped. Screenshot of configuration below.
If enabled, this second consent step will require the user to accept and consent to recording before joining the ICwhatUC video call. Additionally, we capture the consent in the Consent Log above. The following information is captured:
- ICwhatUC Workspace
- ICwhatUC Session hyperlink
- End-Customer phone number
- End-Customer device information
- Date & Time of consent
- Consent Type = “Recording Consent”
In-Call Change Requests
Session Recording Banner
In order to add additional privacy controls, we have added a banner during ICwhatUC sessions to remind end-users that video calls are being recorded. Like the Secondary Consent step above, this is configurable within the Workspace, in the General Settings.
If enabled, this banner will be presented during the ICwhatUC video call to the end-customer.
Sharing Change Requests
Sharing Audit Trail
We have built a log of all shares within ICwhatUC workspaces in a “Video Shares Log”. This log includes the following information:
- ICwhatUC Workspace
- ICwhatUC Session hyperlink
- ICwhatUC Technician/Admin who shared the sessions
- Phone number or email address shared with (“link copied” is recorded if the video file is being shared using the Copy Link button).
- Date & Time of sharing
Sharing Protection
In order to protect ICwhatUC recorded videos, we have added the ability to stop public sharing of ICwhatUC calls. Configurable within the Workspace, in the General Settings, administrators can choose between “Shared Publicly” and “Require Authentication”.
When “Shared Publicly” is enabled, the video sharing will work as it does today.
When “Require Authentication” is enabled, we authenticate a user before they are allowed to view the video file. Here is the authentication strategy:
- A end-customer either requests the video be shared with them at the end of the ICwhatUC session, or the Technician presses the Share button and enter a phone number or email address to share the video with.
- The person receives the shared video hyperlink, and they click on it to play the file.
- The person will have to verify their phone number or email address to verify they have authorization to watch the file.
- A specific PIN code (valid for 60 minutes) will be provided to the email address or phone number. The message that is used to share the PIN is customizable with the Workspace General Settings just like the “Session created SMS text” and the “Session playback SMS text”.
- The person will have to enter the specific PIN code in order to review the video.
All external video reviews are also logged in a “Video Reviews Log”.
Security Changes Requests
Enforce Password Rules
In order to provide enhanced security, ICwhatUC has added a configuration setting within the Workspace, in the General Settings, to enable password rules. The following password rules are enforceable:
- Password control specifications must ensure that users are required to change passwords at least every XXXX days (number of days is configurable)
- Passwords must be a minimum of XXXX characters in length (number of characters is configurable)
- Passwords must contain at least one lowercase alphabetic (true/false)
- Passwords must contain at least one uppercase alphabetic (true/false)
- Passwords must contain at least one numeric (true/false)
- Passwords must contain at least one special character (true/false)
- Passwords must not be reused for a minimum of XXXX iterations (number of iterations is configurable)
- Passwords must not contain more than the same 3 characters in sequence
- Passwords resets must be limited to a minimum frequency of 1 reset per day;
- XXXX failed logins in a row should cause a minimum of a 5 minute lockout (number of failed logins is configurable)
Back End Change Requests
Deletion Audit Trail
We have built a log of all videos that are deleted within an ICwhatUC workspaces in a “Deleted Videos Log”. This log includes the following information:
- ICwhatUC Workspace
- Date & Time of video call
- ICwhatUC Technician/Admin
- Phone number of end-user
- ICwhatUC Session hyperlink (to prove it no longer works)
Team Members Management Change Requests
We have created a simplified Team Members tab. The “Account” column has been renamed to “Status”, and shows a text status of either “Pending Activation”, “Enabled” or “Suspended”.
The functionality for an Administrator to Enable or Suspend an account has be moved to the “Edit User” screen.
Additional details on the Update User screen include:
- The “Change Password” button appears as a button.
- The Enable button is only enabled if the user has not activated their account, or their account has been suspended.
- The Suspend button is only enabled if the user’s account is Active.
- If the Administrator presses the Enable button, a Password Reset email is sent to the user so they can set their password for their account.