Security and Compliance – Contact Center Platform

Security & reliability through experts, tools and processes

Superior security, compliance and reliability for your contact center

The NICE inContact Trust Office is an organization of cloud security experts, tools and processes that provide superior security, compliance and reliability by safeguarding contact centers. As a result, CXone delivers protection for critical company data, high system-wide availability and a CX platform that meets the needs of digital-first businesses. The Trust Office drives security across CXone through a meet-and-exceed approach to audits for FedRAMP, PCI DSS, HITRUST, SOC2, GDPR and more. The platform is rigorously tested through regular penetration and intrusion detection exercises, all proactively monitored by two NOCs on a 24/7/365 basis, allowing for 99.99% guaranteed platform uptime, including maintenance windows.
Risk and profit loss by avoiding data breaches and compliance fines
Mission-critical company data through regular backups and data storage options
Business continuity and disaster recovery for your contact center
IT finger-pointing and gotchas by relying on CXone
IT overhead with managed security, operations, and protection of your contact center
Cloud security experts, tools and processes
Defend Critical Data

Place your data and contact center operations in a high security environment that mitigates risk in the cloud

  • Reduce risk and profit loss
  • A rigorous security architecture
  • Peace of mind with a secure contact center
  • Gain confidence through data protection
  • Self-service security reporting
Rely on 99.99% Uptime

Access a high-reliability environment that bolsters your Business Continuity/Disaster Recovery strategy

  • Eliminate IT finger-pointing and gotchas
  • Never lose a call or session due to downtime
  • Preserve mission-critical company data
  • Confidently implement Business Continuity/Disaster Recovery plans
Achieve Compliance Goals

Take a security-driven approach to your compliance strategy to meet the protection needs for your platform

  • A clear path to the cloud that meets compliance requirements
  • Security-driven compliance with protection across all layers
  • Decrease risk by using industry standard best practices
  • Reduce IT overhead through outsourcing to NICE inContact
Deliver a better and more consistent customer experience
  • Achieve your NPS, CSAT and other customer experience objectives
  • Immediately identify and address agent behavior trends 
  • Reduce negative customer experiences 

A Security-Driven Approach to Compliance

Given the high volume of data transactions contact centers process daily, security controls and attested industry compliance are paramount. Cybersecurity programs that support the contact center while providing transparency to customers are our specialty at the NICE inContact Trust Office. More so than just awareness, we commit to a higher level of trust in ensuring you or your service provider are properly processing and securing data.

NICE inContact maintains compliance and certifications with various industry standards to assist customers in verifying security policies and processes.

The FedRAMP program adheres to the National Institute of Standards and Technology (NIST) Special Publication 800-53 baseline security controls that, once attested, allow for the processing of data across U.S. Federal Government entities. Working with a cloud-services provider Authorized to Operate with a sponsoring and approving U.S. Government Agency enables your contact center to migrate from antiquated and generally insecure IT systems to resilient, redundant, compliant, and secure cloud-based systems. NICE inContact is the only cloud contact center provider given Authorization to Operate in a FedRAMP environment.
PCI DSS Level I and II

The Payment Card Industry Data Security Standard (PCI DSS) assesses the security and data privacy of cardholder data traversing across information systems. We commit to offering contact center services that adhere to data security controls approved by the Payment Card Industry Security Standards Council, as we understand the commitment and trust we need to have with customers across the globe when protecting sensitive customer cardholder data.


As a telecommunications services provider, we fully comply with the Federal Communications Commission in protecting Customer Proprietary Network Information (CPNI). Your customer’s information call types are securely stored and continuously monitored; further, it is our commitment to you that we will not sell, lend, or license CPNI data to a third party.


The System and Organizational Controls (SOC) 2 Type 2 attestation is designed to measure how well a given service organization conducts and regulates its data and organizational security programs by providing an industry-hardened report that details procedures and controls. Further, we have committed to the supplemental Health Information Trust (HITRUST) addition to SOC 2, which means we offer the assurance to process sensitive protected health information (PHI) in accordance with the HITRUST Common Security Framework mapped with the AICPA’s Trust Services Criteria to streamline reporting while ensuring data privacy confidence.


The Global Data Protection Regulation (GDPR) aims to protect all European Union citizens from privacy and data breaches. As a data processor acting for and serving our customers as data controllers, we place extremely high importance on ensuring all GDPR Articles are enforced and audited by offering security features in our contact center services to better protect the data that is most sensitive. In fact, before the EU regulatory agencies mandated external compliance assessments, we elected to prove our GDPR commitment with a third-party qualified security assessor to validate our strong security measures, offering confidence and trust to users around the world.

NICE inContact is fully accredited through the Information Security Registered Assessors Program (IRAP), which is an Australian Signals Directorate (ASD) initiative to provide high-quality information and communications technology (ICT) security assessment services to the Australian government. The NICE inContact IRAP compliance procedure has been performed by an independent IRAP assessor and ensures that the platform protects the Australian government’s data from access, abuse and disclosure when leveraging cloud contact center services.
Cyber Essentials

Cyber Essentials is an information assurance protocol operated by the United Kingdom’s National Cyber Security Centre (NCSC) that ensures information risk management by using an assurance framework and set of security controls to indicate an organization’s ability to protect its customers’ data from threats coming from the Internet. NICE inContact has received the Cyber Essentials Certificate of Assurance following an independent assessment of its infrastructure and technical controls, such as boundary firewalls and gateways, secure configuration, access control, malware protection and patch management.


The California Consumers Protection Act (CCPA) was designed to enhance data privacy for residents of California by disclosing customer information handling as it pertains to individual data verification, opt-out procedures and general overviews of selling customer information, and methods of requests submission criteria. By offering transparency of our privacy policies and customer data handling and processing controls via our contact center solutions, we value the importance of customer data privacy by offering CCPA-compliant controls.


Publicly traded under NICE Ltd. (NASDAQ: NICE), we annually undergo SOX auditing to protect shareholders of the company and the general public from any accounting errors or fraudulent practices and to improve the accuracy of our corporate disclosures. We fully comply with SOX electronic record rules and security controls to address data storage and processing flows for compliant data handling.

Section 508

We support and fully comply with Section 508 of the Rehabilitation Act of 1973, requiring all federal agencies to make information technology accessible to people with disabilities. In demonstrating our compliance, we will offer a completed Voluntary Product Accessibility Template (VPAT) upon request.


When a HIPAA compliant solution is requested, the resulting discussion centers around privacy and security protections under HIPAA and the Health Information Technology for Economic Clinical Health (“HITECH”) Act. For covered entities and business associates subject to HIPAA, NICE inContact offers solutions for processing, transmitting, and storing protected health information (“PHI”). Upon request, NICE inContact will sign a business associate agreement (“BAA”) according to the services NICE inContact provides our customers.


Congress enacted the Telephone Consumer Protection Act (TCPA) in 1991 to address the growing number of telephone marketing calls being made in the US. To reduce the number of hang-up and dead air calls consumers experience, the Commission's telemarketing rules also contain restrictions on the use of auto-dialers and requirements for transmitting caller ID information. Most recently, the FCC introduced the STIR/SHAKEN Protocol, designed to combat robocalls by requiring that call integrity be graded before a call hits the public internet or PSTN. NICE inContact offers full A-level attestation for calls originating from our platform, before they even reach the carrier. This means that all CXone calls have the thumbs-up to travel to your customer. We can then work with you on ensuring your databases meet evolving TCPA standards.