In insurance, "compliant" isn't a checkbox — it's the difference between a campaign and a class-action. Here's how we keep every dial, every transfer, and every recording on the right side of the line.
The Telephone Consumer Protection Act (47 U.S.C. § 227) governs how and when businesses may contact consumers by phone, text, and fax. 5 11 Enterprise treats TCPA as a foundational constraint, not an afterthought.
Every outbound campaign on autodialed or prerecorded technology requires prior express written consent from the consumer, in compliance with the FCC's one-to-one consent rule (effective January 2025). Consent records include:
Outbound calls only occur between 8:00 AM and 9:00 PM in the called party's local time zone. Holidays and state-specific restrictions are observed automatically by our dialer platform.
Every outbound list is scrubbed against:
Lists are re-scrubbed every 24 hours. A number added to any DNC list during an active campaign is automatically removed from the dial queue inside one hour.
For ACA, Medicare, and U65 campaigns where Protected Health Information (PHI) may be discussed, we maintain HIPAA-compliant infrastructure end to end:
For Medicare Advantage, Medicare Supplement, and Part D campaigns, we follow the CMS Medicare Communications and Marketing Guidelines (MCMG) in full. This includes:
Where a campaign requires an insurance license to quote, enroll, or recommend a product, the agent on the call is appropriately licensed in the consumer's state of residence. We maintain in-house licensed agents in all 48 contiguous states for Health, Life, and Property & Casualty lines.
Licensing renewals, continuing education, and state-specific bulletins are tracked and paid for by 5 11 Enterprise. No agent dials a state in which they are not currently licensed and appointed where required.
Every call — inbound, outbound, and live transfer — is recorded in full. Consent to recording is captured per state law, including two-party-consent states. Recordings are:
Our infrastructure is hosted in SOC 2 Type II-certified cloud environments. Production systems are isolated from corporate systems. Access requires SSO, MFA, and hardware key for all administrative roles. We are presently in process for SOC 2 Type II self-certification, target Q4 2026.
Every new hire goes through a three-week onboarding before taking a live call. Compliance training is a non-negotiable component, refreshed quarterly:
If you've received a call you believe was non-compliant, or if you'd like to be added to our internal DNC list, please contact us:
We respond to every compliance inquiry within two business days.