VRH's Internal Customer Service Policy


Excellent customer service depends mainly on two elements: (1) training, and (2) management follow-through. VRH asset managers must always maintain a calm and professional demeanor, educate debtors about the nature and underlying facts of their obligations, be consistently firm, honest, fair, responsive and objective, and provide the technical assistance needed by some debtors to properly resolve their objections and issues.

All conversations with a debtor, and all conversations in which an asset manager communicates with a third party in an attempt to obtain information about a debtor, are recorded and saved in a designated secure network folder.

VRH only retains asset managers who express a clear understanding of the gravity of our customer service policy, as well as personal dedication to that policy. All employees understand that they are personally responsible for their participation in our goals in this regard. The management of VRH conducts routine compliance audits, including telephone monitoring, as mechanisms to ensure compliance with regulations and our internal policies. Our record of minimal, if any, complaints on all client contracts illustrates that we take client services seriously and address prohibited acts immediately.

All staff members are subject to routine audit of their compliance with VRH's zero-tolerance policy for violation of this Customer Service Policy. All employees must acknowledge that they understand that they are personally responsible for their participation in our goals in this regard.

1. Debtor Contact

All VRH Asset Managers must communicate with debtors in a professional and knowledgeable manner, ensuring that we protect our clients from collection and other legal risks by conforming to all collection laws, such as the Privacy Act of 1974, HIPAA, Federal Parent Locator Service, the Fair Debt Collection Practices Act, Fair Credit Reporting Act, and all other applicable state and federal laws and regulations.

If unable to contact a debtor, the Asset Manager must skip trace with the ultimate goal of making contact with the debtor and working with him or her to resolve the obligation. VRH's initial expectation is that the full balance due will be paid. Where this is not possible, it is expected that the Asset Manager will evaluate the impact on the debtor of payment arrangements or a compromise. We do not want to cause undue financial hardship to a debtor. However, if debtors do not provide accurate financial information and undisclosed assets may exist, we are able to seek out the hidden value in the account. Where a debtor has multiple claims/judgments, the Asset Manager should try to lead the effort to effect global settlements with other creditors.

Immediately upon receipt of a demand for validation, the VRH Asset Manager must either provide the requested documentation or request it from the client, based upon the debtor's request.

Collection calls will be made at 7-10 day intervals, while letters will be sent at 30-day intervals. VRH's target timeline is for all accounts to be paid in full, settled, referred to legal, or administratively closed within 12 months of assignment. It is against VRH policy for any Asset Manager to call an obligor two days in a row unless requested by the obligor to do so.

All conversations with the obligor, and all conversations in which an asset manager communicates with a third party in an attempt to obtain information about an obligor, must be recorded and saved in a designated secure network folder. This data is subject to audit and to disciplinary action in the event of a violation of VRH's Customer Service Policy.

2. Specific Customer Service Targets

Certain situations will lend themselves to a heightened awareness, including:

Obligors who have asked for validation or explanation of their liability: VRH Asset Managers must provide an appropriate and comprehensive response to the taxpayer.

Obligors who have current disputes and/or don't understand the nature of the outstanding liability, either because they don't have good records or because the debt is just so aged that they don't recall: VRH Asset Managers are required to educate the obligor, including providing any available documentation that will further explain the nature of the liability.

Obligors who have hardships that affect their ability to pay: While VRH expects that its Asset Managers will verify any such hardship, we also demand that the Asset Manager exhibit sensitivity to the obligor's situation. It is not acceptable for a VRH Asset Manager to assume that an obligor is not telling the truth when he or she claims a hardship, or to disparage such hardship.

Obligors who are under any sort of mental or physical disability or who do not speak English: When a VRH Asset Manager suspects that an obligor does not understand the nature of the conversation, either due to some sort of disability (mental disability, inability to hear the Asset Manager, etc.) or due to a language barrier, the Asset Manager must exhibit patience, provide written documentation that will allow the obligor time to absorb the information / have the information translated, provide translation services where applicable, and involve VRH Management in the communications if appropriate.

Remember that your conduct as an Asset Manager for VRH will be judged not only on your ability to collect money for the company, but also on your: ability to answer obligor questions and provide correct information; appropriateness of language and tone; conversation control balanced with listening skills; helpfulness and ability to create a cooperative relationship with the obligor.

VRH's Confidentiality Policy

Value Recovery Holding, LLC ("VRH") is highly sensitive to its clients' need to maintain the confidentiality of system, debtor and other information. VRH has a zero-tolerance policy with regard to the improper dissemination of, or neglect for the privacy of, such information and takes a number of technology and personnel-based measures to ensure that such violations of privacy do not occur.

VRH has strict confidentiality policies signed by each employee. The company has made every effort to go paperless to further protect account information. All faxes are scanned, saved to file on a secure drive, then sent via UFAX and immediately put in the shredder located in the AGO group's secure department. The practice for all incoming documents, whether through the mail or via fax, is as follows: the administrative assistant processes original paperwork to the client and forwards the electronic file to the agent handling the asset.

VRH offices are in a high-security building recently remodeled for collections work. Building access is controlled by electronic photo ID badges, which must be worn by all employees in the building. The 2 exterior doors remain locked at all times. A visitor can use the intercom to be buzzed in after being observed by the video surveillance camera. Access to internal doors for secure collections areas, such as the Ohio AG collections group, is also controlled and monitored using the electronic badges.

The electronically locked doors are equipped with closers, and all entries are recorded to Brivo, an industry-standard web-based software for monitoring and managing this security system, provided by ADT. The Brivo system also records motion sensors throughout the building, including the IT closet. Brivo audit records provide the day and time of an event, the user's identification, the type of event, the area accessed, and the success or failure of the event.

Attempted access and break-ins are recorded and trigger a police response through ADT monitoring. If the building is entered, the alarm system must be disabled in 30 seconds with a security code that is only available to management and maintenance.

Blank badges are maintained under lock and key, off-site, by the Senior VP of Administration, who is one of 2 people authorized to access the Brivo system and create and assign badges. Lost badges and badges of terminated employees are disabled immediately. Brivo log files are reviewed both when there is an incident and monthly by IT for terminated employees, accuracy of access rights and suspicious patterns of entry. Non-management employees are restricted to normal collection business hours. The cleaning contractor, who needs extended access for cleaning, is a long-time trusted partner and was required to sign the 1974 Privacy Act acknowledgement.

A. Data Security:

Threats can come into a company from several sources on the Internet. The first line of defense is a strong firewall. VRH access is protected by 2 firewalls: a Sonicwall hardware device and a Microsoft ISA2004 software firewall. These firewalls are set to provide a balance between security and flexibility. Since we have (but are not limited to) 2 firewalls, we can allow groups of users various levels of access according to our clients' requirements.

Additionally, we have implemented, and continually update, the full Symantec Anti-virus and Anti-spyware suite for both servers and client computers. It is up-to-date. All email directed to our Microsoft Exchange Server is externally spam-filtered and virus checked prior to its receipt. We implement the latest operating system patches for users and servers to incorporate the latest security improvements.

System data, including email, call recordings and files, are backed up by Symantec BackupExec 11d to external hard drives, which are then rotated offsite. VRH's backup tape is sent offsite to Fireproof Records Storage weekly. To protect against short-term file loss, we have network undelete software that allows near-instant file retrieval.

B. Personnel Security / Confidentiality of Account Information:

All new staff retained are required to undergo both civil and criminal background checks. Depending on the nature of the contract for which the employee is retained, he or she may also be subjected to FBI screening. Every new hire must also pass a drug test and execute a statement acknowledging that random drug screening may occur at the discretion of the management of VRH. Every employee is also required to execute a Confidentiality Agreement, which exhibits an understanding of the extreme confidential nature of the work that we perform.

Our management team routinely checks the desktops and work areas of the staff in order to ensure that confidential taxpayer information is not left unattended or discarded into the non-shredded trash bins.

Every government contract is provided with its own secure area in terms of both physical and system configuration. The physical area in which work is performed on a contract and the computer database used to retain a particular client's information are restricted to only those staff who are dedicated to the contract.

C. System Security / Confidentiality of Account Information:

All systems are password protected and user computers are password protected. No sensitive databases reside on VRH computers. On a limited basis, trusted manager-level individuals are allowed VPN remote access to their individual computers. Data is also secured by segmentation of business units, login restrictions, limiting access and nature of access (read only versus read/write), and limiting the number of unsuccessful access attempts.

All internet activity is reportable and routinely monitored. Non-business related sites are blocked by name and/or category using a Sonicwall Firewall. Email is scanned by Securence for viruses and spyware before it enters the network. Then we use Symantec to further trap malware.

Policy dictates that data, documents and reports of any nature containing sensitive data can only be transmitted securely via email, FTP, secure FTP or other protocols. It must further be zipped/encrypted and password protected.

Procedural safeguards are also in place, such as separation of duties, specific operational rules, and proper instruction, training, and validation of new operating systems.

Our personnel are provided with unique security access codes to the information systems, based on the employee's level of clearance to the network. All security clearance will be commensurate with the employee's duties and responsibilities. If a client determines that additional clearances are necessary of our personnel due to an online integration with a host server, the VRH management team will supply the necessary background on each employee, including a project staff roster, personal data, job descriptions and duties, and computer access levels.

D. System:

The secure Data Center houses all critical network computer components, including: CPUs, Windows servers, firewalls, backup disk drives, Ethernet networking and telecommunication hardware, building security system hardware, and multiple uninterrupted power supply devices. The Data Center is in a secure room accessed only by security code and proper clearance; and the Data Center further provides physical security for online and offline data. Additionally, all online and offline storage is secured through the use of our security software.

Unauthorized access is virtually impossible. Our information systems are well equipped with security safeguards. Operational system safeguards include: security software; security activity logging and auditing capabilities. Various access controls are utilized, including passwords and user IDs, limiting access and nature of access (read only versus read/write), and limiting the number of unsuccessful attempts. Procedural safeguards are also in place, such as separation of duties, specific operational rules, and proper instruction, training, and validation of new operating systems.

Both onsite and offsite data storage are provided with the same security as online and offline storage. Offsite data storage is currently provided by Fireproof Records Storage, central Ohio's oldest and largest independently owned commercial records center. Media stored offsite is secured by a password.

Our personnel are provided with unique security access codes to the information systems, based on the employee's level of clearance to the network. All security clearance will be commensurate with the employee's duties and responsibilities. If a client determines that additional clearances are necessary of our personnel due to an online integration with a host server, the VRH management team will supply the necessary background on each employee, including a project staff roster, personal data, job descriptions and duties, and computer access levels.

E. Document Security / Recycling:

All client documents are maintained in locked filing cabinets, accessible only to personnel with the proper security clearance. Both confidential and non-confidential document disposal and recycling is performed for us by Royal Document Destruction. All staff trash cans are monitored to ensure that no potentially confidential documentation is placed into the regular garbage.