Our Trust Office: Guardians of Your Contact Center
When your contact center is in the cloud, trust is a big deal. The experts in our Trust Office make sure your data is safe, your system is always available, and it runs at top speed.
Think of our team as the behind-the-scenes guardians for your contact center. They use their deep experience in securing, building, and optimizing networks to take care of the complex (and somewhat mundane) details so you don’t have to.
Our Trust Office makes sure your NICE inContact environment has:
- High service reliability. Count on 99.99% uptime from our systems and infrastructure.
- Iron-clad security. Only the highest security standards are good enough to protect your critical business data.
- Fast, scalable performance. Our network’s speedy performance can satisfy your contact center’s changing and growing demands.
NICE inContact maintains compliance and certifications with various industry standards to assist customers in verifying security policies and processes.
NICE inContact offers a Payment Card Industry (“PCI”) Level 1 compliant environment under the Payment Card Industry Data Security Standards (“PCI DSS”) that has been validated by an experienced Qualified Security Assessor (“QSA”) from The Cadence Group. This is a key assurance instrument NICE inContact provides as customers evaluate the strength of our security, performance, and reliability practices.
PCI compliance refers to implementing and adhering to the PCI DSS defined by the PCI Security Standards Council. Businesses that store, process, or transmit payment card information are required to report PCI compliance. The level of PCI compliance for each business is determined by how the card data is handled and by the number of electronic credit card transactions processed each year.
Our PCI compliant environments emphasize our commitment to information and data security at every level. Offering deployment in a PCI compliant environment makes it easier for our customers to implement PCI DSS compliant solutions according to their needs. Customers are responsible to obtain and maintain their own PCI certification.
The General Data Protection Regulation (GDPR) has been called the most important change in data privacy in years. It applies directly to companies located in the EU and extends to multinational companies that do business in the EU. For contact center operations this means that even if there is no physical presence within the EU, they could be subject to the requirements if they handle interactions with EU citizens. The specific impact that the GDPR will have on a business will vary.
We help our customers in their efforts to comply with the GDPR. We ensure our development and operational processes comply with regulations, such as SOC2, HITRUST, PCI, and Privacy Shield, however there is no standardized audit for GDPR compliance. NICE inContact also provides a variety of product features that can help with GDPR consent and data access requirements, if it is determined these apply to your business.
NICE inContact CXone has been granted Authorization to Operate (ATO) with the Federal Risk and Authorization Management Program (FedRAMP). Customers deployed on the CXone FedRAMP cloud environment are assured our solution meets federally mandated security, reliability, availability, and performance requirements. More information can be found on the FedRAMP Marketplace and the FedRAMP product page.
NICE inContact publishes an annual Service Organization Controls 2 (“SOC 2”) type 2 report, also referred to as an AT 101 report. The NICE inContact SOC 2 report is an attestation report that validates the effectiveness of our operating controls as a service organization to the criteria set forth by the American Institute of Certified Public Accountants (“AICPA”) Trust Services Principles. Our SOC 2 report is available upon request.
NICE inContact, is part of a public consolidated group publicly traded under NICE Ltd. (NASDAQ: NICE). NICE inContact annually evaluates and reviews its information technology and administrative controls related to financial reporting. This audit is performed by our internal audit department and by an external auditor, EY. Our annual report is available on our NICE’s website under Investor Relations.
NICE inContact complies with all Federal Communications Commission (“FCC”) regulations including protecting Customer Proprietary Network Information (“CPNI”) which is data we obtain in the normal course of providing customers with telecom services. This type information includes where, when, and whom you call and the types of service offerings and products you obtain from us.
Under the FCC guidelines, we store all customer data in a secure, monitored database. NICE inContact will not sell, lend, or license CPNI information to a third-party. Third-party contractors must sign a Non-Disclosure Agreement and cannot improperly use CPNI.
NICE inContact complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, retention of personal data transferred from European Union member countries to the United States. NICE has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement for which NICE inContact is a covered entity. To learn more about Privacy Shield, and to view NICE’s certification, please click here.
Other Industry Standards
Although some industry standards may not apply directly to NICE inContact, we take our customers’ compliance needs seriously. Standards such as the Health Insurance Portability and Accountability Act ("HIPAA"), Gramm–Leach–Bliley Act (“GLBA”), Dodd–Frank Wall Street Reform and Consumer Protection Act (“Dodd Frank”), and Federal Deposit Insurance Corporation (“FDIC”) are similar and closely related to requirements for PCI, SOX, and SOC. We help our customers design solutions that ensure compliance with the industry standards most important to their business needs.
When a HIPAA compliant solution is requested, the resulting discussion centers around privacy and security protections under HIPAA and the Health Information Technology for Economic Clinical Health (“HITECH”) Act.
For covered entities and business associates subject to HIPAA, NICE inContact offers solutions for processing, transmitting, and storing protected health information (“PHI”). Upon request, NICE inContact will sign a business associate agreement (“BAA”) according to the services NICE inContact provides our customers.
Section 508 of the Rehabilitation Act of 1973 requires all federal agencies to make information technology accessible to people with disabilities. In order to demonstrate Section 508 compliance, the product or service will have a completed Voluntary Product Accessibility Template (“VPAT”). Upon request, NICE inContact offers available VPATs.For more information, please contact a representative at 866.965.7227 or http://www.niceincontact.com/contact.