Regulated Certifications
sub-spec 25A
FINRA, HIPAA, PCI, and other regulated certifications with license numbers (AES-256-GCM encrypted at rest), issuing body, expiry, and one-click compliance audit export. LOB hard gates are enforced in scheduling: an uncertified agent literally cannot be assigned to regulated work.

Cert types registry — /skills Certifications tab. 'PCI-DSS Compliance — Card Data Handling' is configured with issuing body 'PCI Security Standards Council', a 12-month validity period, and License # = Required (which triggers AES-256-GCM encrypted license storage on every per-employee record). FINRA Series 6, HIPAA, First Aid + CPR, and Quebec OHS sit alongside; operations manages the registry directly, with no engineering ticket required.
For the operator
Certifications tab on /skills for the type registry; per-employee certifications on employee detail (with the masked license number + reveal-with-audit-event); LOB cert requirements drawer on the client account management surface. Renewal reminders surface in employee + L&D notifications. Compliance officer pulls a filtered audit export when asked.
Business impact
An uncertified agent on regulated work isn't a margin issue, it's a contract-termination event — and in some verticals a regulator-fine event. Hard scheduling gates remove the failure mode and the audit posture lets you bid confidently on regulated-vertical work that competitors can't credibly serve. The license-number encryption + PII reveal audit closes the compliance question that historically blocked enterprise deals in healthcare and financial services. New revenue lanes opened, existing regulated-client risk closed.

