Security and Compliance

Overview

Sytel Limited provides hosted contact centre technology (including predictive dialer and telephony services) where customer operational data remains on the client’s premises.

Our platform delivers dialer and telephony functionality from AWS infrastructure; Sytel does not host customer CRM data or personal consumer information.

The only data stored by Sytel is limited to call recordings and related metadata (e.g. timestamp, agent ID, telephone number link).

We apply the principles of SOC 2 (Security, Availability, Confidentiality) and GDPR across all operations.

Our controls are proportionate to the minimal data we process and are verified through internal audit and AWS assurance reports.

Hosting and Infrastructure Security

Area | Control Summary
Cloud provider | Hosted solely on Amazon Web Services (AWS) within defined regions. AWS maintains active SOC 2 Type II, ISO 27001, and PCI DSS certifications.
Physical & network security | Sytel relies on AWS’s managed environment for perimeter, physical, and environmental safeguards.
Tenant isolation | Each customer tenant operates in a logically separated environment; no cross-tenant data visibility.
Access management | Multi-factor authentication enforced for all administrative users. IAM policies follow least-privilege and are reviewed quarterly.
Encryption | Data encrypted in transit (TLS 1.2+) and at rest (AES-256). Encryption keys managed via AWS KMS.
Logging & monitoring | AWS CloudWatch used for system and security events; alerting configured for anomalies.
Backup & resilience | Daily encrypted backups with optional geo-redundancy; restoration tested periodically.

Data Protection and Privacy

Area | Control Summary
Scope of data | Sytel processes minimal personal data – call recordings and related call identifiers only. No consumer PII or account data is collected or stored.
Data retention | Recordings retained only for contract-specified periods (typically ≤ 6 years) and deleted via secure erasure.
Data subject rights | Customers may request access, correction, or deletion through dpo@sytel.com.
Sub-processors | Limited to AWS and essential service partners bound by written DPAs and confidentiality terms.
International transfers | Data stored within agreed “sovereign data country.” Transfers outside that region use EC Standard Contractual Clauses where required.
Incident management | Formal playbook for detection, containment, notification, and remediation. 24-hour internal response SLA.

Organisational Controls

  • Governance: Security oversight by the Data Protection Officer and Head of Operations.
  • Training: All staff receive annual security and privacy training.
  • Change management: Platform updates recorded and reviewed before deployment.
  • Vendor management: Suppliers vetted for security and contractual compliance.
  • Audit readiness: Internal SOC 2 alignment matrix maintained; supporting evidence available under NDA.

Compliance Position

Sytel Limited is aligned with SOC 2 Trust Services Criteria for Security, Availability and Confidentiality.

AWS’s independently audited SOC 2 Type II controls underpin our hosted infrastructure.

Sytel’s own operational controls are documented and periodically tested internally to the same standards.

Statement:

Sytel maintains a secure, controlled, and auditable environment consistent with SOC 2 and GDPR requirements.

We welcome client audits or security reviews under mutual NDA.

Contact

Data Protection Officer: dpo@sytel.com

Find out more about Sytel’s policies for Security, Privacy and Compliance.