Security and Compliance – Contact Center Platform

Security & reliability through experts, tools and processes
Get Quote

Superior security, compliance and reliability for your contact center

The NICE inContact Trust Office is an organization of cloud security experts, tools and processes that provide superior security, compliance and reliability by safeguarding contact centers. As a result, CXone delivers protection for critical company data, high system-wide availability and a CX platform that meets the needs of digital-first businesses. The Trust Office drives security across CXone through a meet-and-exceed approach to audits for FedRAMP, PCI DSS, HITRUST, SOC2, GDPR and more. The platform is rigorously tested though regular penetration and intrusion detection exercises, all proactively monitored by two NOCs on a 24/7/365 basis, allowing for 99.99% guaranteed platform uptime, including maintenance windows.
Decrease
Risk and profit loss by avoiding data breaches and compliance fines
Preserve
Mission-critical company data through regular backups and data storage options
Gain
Business continuity and disaster recovery for your contact center
Eliminate
IT finger-pointing and gotchas by relying on CXone
Reduce
IT overhead with managed security, operations, and protection of your contact center
Cloud security experts, tools and processes
Defend Critical Data

Place your data and contact center operations in a high security environment that mitigates risk in the cloud

  • Reduce risk and profit loss
  • A rigorous security architecture
  • Peace of mind with a secure contact center
  • Gain confidence through data protection
  • Self-service security reporting
Rely on 99.99% Uptime

Access high reliability environment that bolsters your Business Continuity/Disaster Recovery strategy

  • Eliminate IT finger-pointing and gotchas
  • Never lose a call or session due to downtime
  • Preserve mission-critical company data
  • Confidently implement Business
  • Continuity/Disaster Recovery plans
Achieve Compliance Goals

Take security-driven approach to your compliance strategy to meet the protection needs for your platform

  • A clear path to the cloud that meets compliance requirements
  • Security-driven compliance with protection across all layers
  • Decrease risk by using industry standard best practices
  • Reduce IT overhead through outsourcing to NICE inContact
Deliver a better and more consistent customer experience
Deliver a better and more consistent customer experience
  • Achieve your NPS, CSAT and other customer experience objectives
  • Immediately identify and address agent behavior trends 
  • Reduce negative customer experiences 
FEDRAMP
The FedRAMP program Adheres to the National Institute of Standards and Technology (NIST) Special Publication 800-53 baseline security controls that, once attested, allows for the processing of data across U.S. Federal Government entities. Working with a cloud-services provider Authorized to Operate with a sponsoring and approving U.S. Government Agency enables your contact center to migrate from antiquated and generally insecure IT systems to resilient, redundant, compliant, and secure cloud-based systems. NICE inContact is the only cloud contact center provider given Authorization to Operate in a FedRAMP environment.
PCI DSS Level I and II

The Payment Card Industry Data Security Standard (PCI DSS) assesses the security and data privacy of cardholder data traversing across information systems. We commit to offering contact center services that adhere to data security controls approved by the Payment Card Industry Security Standards Council as, we understand the commitment and trust we need to have with customers across the globe when protecting sensitive customer cardholder data.

CPNI

As a telecommunications services provider, we fully comply with the Federal Communications Commission in protecting Customer Proprietary Network Information (CPNI). Your customer’s information call types are securely stored and continuously monitored; further, it is our commitment to you that we will not sell, lend, or license CPNI data to a third-party.

AICPA SOC 2 Type 2 + HiTRUST

The System and Organizational Controls (SOC) 2 Type 2 attestation is designed to measure how well a given service organization conducts and regulates its data and organizational security programs by providing an industry-hardened report that details procedures and controls. Further, we have committed to the supplemental Health Information Trust (HITRUST) addition to SOC 2, which means we offer the assurance to process sensitive protected health information (PHI) in accordance with the HITRUST Common Security Framework mapped with the AICPA’s Trust Services Criteria to streamline reporting while ensuring data privacy confidence.

GDPR

The Global Data Protection Regulation (GDPR) aims to protect all European Union citizens from privacy and data breaches. As a data processor acting and serving our customers as data controllers, we place an extreme high importance of ensuring all GDPR Articles are enforced and audited by offering security features to use our contact center services to better protect data this is most sensitive. In fact, before the EU regulatory agencies mandated external compliant assessments, we elected to prove our GDPR commitment with a third-party qualified security assessor to validate our strong security measures, offering confidence and trust to users around the world.

CCPA

The California Consumers Protection Act (CCPA) was designed to enhance data privacy for residents of California by disclosing customer information handling as it pertains to individual data verification, opt-out procedures and general overviews of selling customer information, and methods of requests submission criteria. By offering transparency of our privacy policies and customer data handling and processing controls via our contact center solutions, we value the importance of customer data privacy by offering CCPA-compliant based controls.

SOX

Publicly traded under NICE Ltd. (NASDAQ: NICE), we annually undergo SOX auditing to protect shareholders of the company and the general public from any accounting errors or fraudulent practices and to improve the accuracy of our corporate disclosures. We fully comply with SOX electronic record rules and security controls to address data storage and processing flows for compliant data handling.

Privacy Shield

In support of our GDPR commitment and transatlantic commerce, we are an active and certified participant in the EU to US Privacy Shield Framework to process EU member state customer data to the US, and other locations. Maintaining Article 45 of GDPR, provisions a continuity of adequacy determinations under the EU Data Protection Directive in complying with the secure means of collecting, storing, and processing sensitive data.

Section 508

We support and fully comply with Section 508 of the Rehabilitation Act of 1973, requiring all federal agencies to make information technology accessible with disabilities. In demonstrating our compliance, we will offer a completed Voluntary Product Accessibility Template (VPAT) upon request.

HIPAA

When a HIPAA compliant solution is requested, the resulting discussion centers around privacy and security protections under HIPAA and the Health Information Technology for Economic Clinical Health (“HITECH”) Act. For covered entities and business associates subject to HIPAA, NICE inContact offers solutions for processing, transmitting, and storing protected health information (“PHI”). Upon request, NICE inContact will sign a business associate agreement (“BAA”) according to the services NICE inContact provides our customers.

TCPA

Congress enacted the Telephone Consumer Protection Act (TCPA) in 1991 to address the growing number of telephone marketing calls being made in the US. To reduce the number of hang-up and dead air calls consumers experience, the Commissions telemarketing rules also contain restrictions on the use of auto-dialers and requirements for transmitting caller ID information. Most recently, The FCC introduced the STIR/SHAKEN Protocol, designed to combat robocalls by requiring grading call integrity before it hits the public internet or PSTN. NICE inContact offers full A-level attestation for calls originating from our platform, before they even reach the carrier. This means that all CXone calls have the thumbs-up to travel to your customer. We can then work with you on ensuring your databases meet evolving TCPA standards.