When you move your contact center to the cloud, trust becomes a big deal. The experts in our
Trust Office make sure your important data is safe, your system is always available, and it runs at top speed.
Think of our team as the behind-the-scenes guardians for your contact center. They use their deep experience in securing, building, and optimizing networks to take care of the complex (and somewhat mundane) details so you don’t have to.
CXone Trust Office makes sure your NICE inContact environment has:
- High service reliability. Count on 99.99% uptime from our systems and infrastructure.
- Iron-clad security. Only the highest security standards are good enough to protect your critical business data.
- Fast, scalable performance. Our network’s speedy performance can satisfy your contact center’s changing and growing demands.
NICE inContact maintains various industry certifications to assist customers in verifying security policies and processes. We’ve been assessed and validated for the following industry certifications:
NICE inContact offers a Payment Card Industry (“PCI”) Level 1 compliant environment under the Payment Card Industry Data Security Standards (“PCI DSS”) that has been validated by an experienced Qualified Security Assessor (“QSA”) from The Cadence Group. This is a key assurance instrument NICE inContact provides as customers evaluate the strength of our security, performance, and reliability practices.
PCI compliance refers to implementing and adhering to the PCI DSS defined by the PCI Security Standards Council. Businesses that store, process, or transmit payment card information are required to report PCI compliance. The level of PCI compliance for each business is determined by how the card data is handled and by the number of electronic credit card transactions processed each year.
Our PCI compliant environments emphasize our commitment to information and data security at every level. Offering deployment in a PCI compliant environment makes it easier for our customers to implement PCI DSS compliant solutions according to their needs. Customers are responsible to obtain and maintain their own PCI certification.
NICE inContact publishes an annual
Service Organization Controls 2 (“SOC 2”) type 2 report, also referred to as an AT 101 report. The NICE inContact SOC 2 report is an attestation report that validates the effectiveness of our operating controls as a service organization to the criteria set forth by the American Institute of Certified Public Accountants (“AICPA”) Trust Services Principles. Our SOC 2 report is available upon request.
inContact, is part of a public consolidated group publicly traded under NICE Ltd. (NASDAQ: NICE).
NICE inContact annually evaluates and reviews its information technology and administrative controls related to financial reporting. This audit is performed by our internal audit department and by an external auditor, EY. Our annual report is available on our NICE’s website under
NICE inContact complies with all Federal Communications Commission (“FCC”) regulations including protecting Customer Proprietary Network Information (“CPNI”) which is data we obtain in the normal course of providing customers with telecom services. This type information includes where, when, and whom you call and the types of service offerings and products you obtain from us.
Under the FCC guidelines, we store all customer data in a secure, monitored database.
NICE inContact will not sell, lend, or license CPNI information to a third-party. Third-party contractors must sign a Non-Disclosure Agreement and cannot improperly use CPNI.
NICE inContact complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, retention of personal data transferred from European Union member countries to the United States. NICE has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement for which NICE inContact is a covered entity. To learn more about Privacy Shield, and to view NICE’s certification, please
Other Industry Standards
Although some industry standards may not apply directly to
NICE inContact, we take our customers’ compliance needs seriously. Standards such as the Health Insurance Portability and Accountability Act ("HIPAA"), Gramm–Leach–Bliley Act (“GLBA”), Dodd–Frank Wall Street Reform and Consumer Protection Act (“Dodd Frank”), and Federal Deposit Insurance Corporation (“FDIC”) are similar and closely related to requirements for PCI, SOX, and SOC. We help our customers design solutions that ensure compliance with the industry standards most important to their business needs.
When a HIPAA compliant solution is requested, the resulting discussion centers around privacy and security protections under HIPAA and the Health Information Technology for Economic Clinical Health (“HITECH”) Act.
For covered entities and business associates subject to HIPAA,
NICE inContact offers solutions for processing, transmitting, and storing protected health information (“PHI”). Upon request,
NICE inContact will sign a business associate agreement (“BAA”) according to the services NICE inContact provides our customers.
Section 508 of the Rehabilitation Act of 1973 requires all federal agencies to make information technology accessible to people with disabilities. In order to demonstrate
Section 508 compliance, the product or service will have a completed Voluntary Product Accessibility Template (“VPAT”). Upon request,
NICE inContact offers available VPATs.