Security infrastructure and regulatory compliance at every level
Our Standards
MAXimum uses only the highest caliber security appliances and servers. Everything from inbound traffic to the physical health of our servers is monitored and logged 24/7.
State-of-the-art servers with 4-hour snapshots, nightly immutable backups, and cloud-based recovery capabilities.
16 cameras, keycard/fingerprint server room access, tiered employee permissions, and 24/7 third-party threat monitoring.
Daily cell phone block lists, manual dialing procedures, internal DNC management, and full FCC regulatory compliance.
Infrastructure
A robust, monitored infrastructure protecting your data at every layer
MAXimum uses only the highest caliber security appliances and servers. Everything, from inbound traffic, to the webpages viewed by employees and the physical health of the servers, is monitored and logged on a 24/7 basis.
All data sensitive servers are continuously backed-up using industry-leading backup and recovery software hosted on a dedicated Backup and Recovery Server. Snapshots are created every 4 hours, 7 days a week and stored both locally and on the provider's US-Based cloud archival site.
Weekly snapshots are retained for 4 weeks, then converted to monthly and yearly backups -- allowing administrators to roll back to any date within the past year. Immutable full backups of core servers are performed nightly and stored off-site for 1 month, with the ability to be "spun up" in the cloud should on-site operations be interrupted.
MAXimum Research takes the security of its data and servers very seriously. Employees undergo multiple training sessions per year on security measures, risk identification, and breach response. Trainings are mandatory and records are maintained.
The facility is covered by 16 cameras and 4 audio microphones recording 24/7. Window, smoke/fire/heat, and motion sensors are monitored by 3rd party companies with direct lines to local law enforcement. The server room is accessible only via electronic keycard/fingerprint reader, limited to 3 individuals.
All company-owned assets are monitored 24/7 by a 3rd party for viruses, malware, and phishing. In the event of detection, remote shutdown can be initiated within 30 seconds. All employees are screened for federal OIG/GSA and criminal background checks.
| Tier | Role | Access Level |
|---|---|---|
| High | Owner / Admin | Dedicated PC/Laptop, full access |
| Mid | Management | Terminal server via thin clients |
| Low | Interviewers | Web-based pages only, no data access |
MAXimum Research has invested heavily to ensure full compliance with the Telephone Consumer Protection Act within the call center. Our procedures are detailed, documented, and rigorously enforced.
We subscribe to a list management service providing daily listings of known cell phone block identifier records, as well as monthly lists of numbers ported from landline to cell. These lists are used to identify and flag "cell" records within any sample file.
Flagged cell numbers are loaded into a completely separate study area with NO KNOWLEDGE of our predictive dialer, and the script is incapable of using the dialer since all dialer logic is removed.
The only equipment used to dial cellphones is our PBX and Phone. The PBX is a custom-built Asterisk FreePBX system. Phones are Polycom Soundpoint 331's -- basic VoIP phones with just a handset, keypad and headset jack.
Cell phone numbers are manually typed into the phone via the keypad. No computer software is used to dial cell numbers. Work-from-home agents use a soft phone that is a replacement for a physical phone only, with no auto-dial feature. Calls traverse a private fiber-optic circuit to our VoIP provider.
Should a TCPA complaint come in, the phone number will immediately be searched across ANY study running on the predictive dialer study server.
If the number is found, we will follow it back through the identification process to determine why it was not flagged. The most likely cause would be a respondent whose home/landline number was forwarding to a cellphone -- in which case, we followed all possible procedures and are not at fault.
Any time a respondent explicitly states they want to be on the Do Not Call list, their number is coded with a special disposition in our survey programs and immediately removed from the study. During after-hours processing, all such numbers are exported and appended to the internal DNC list. All projects are then refreshed against this list to ensure the number is not loaded in any other project. When new projects are prepared for dialing, the entire sample is checked against the DNC list before loading.
Contact us directly to discuss our procedures in detail.