Contact center compliance has its benefits.
Decrease risk
By avoiding data breaches and compliance fines.
Stay up and running
With business continuity and disaster recovery plans for your contact center.
Preserve data
With regular backups and data storage options.
Extend your IT team
And eliminate finger-pointing and gotchas by relying on a secure, integrated platform.
Reduce overhead
With managed security, operations, and protection for your contact center.
Leave security and compliance to the experts.

The NICE Trust Office is an organization of cloud security experts, tools and processes that provide superior security, compliance and reliability by safeguarding contact centers. The result: your critical company data stays safe, and you get system-wide availability.

The Trust Office drives security across CXone through a meet-and-exceed approach to audits for FedRAMP, PCI DSS, HITRUST, SOC2, GDPR and more. The platform is rigorously tested though regular penetration and intrusion detection exercises, all proactively monitored by two NOCs on a 24/7/365 basis, allowing for 99.99% guaranteed platform uptime, including maintenance windows.

business consulting
Don’t just meet your compliance needs. Exceed them.
Our high-security cloud environment protects your data and operations with a rigorous security architecture. So when you add our 99.99% uptime guarantee and a comprehensive security-driven approach to your compliance, the result is a contact center that you and your customers can trust with full confidence.
The FedRAMP program adheres to the National Institute of Standards and Technology (NIST) Special Publication 800-53 baseline security controls that allows for the processing of data across U.S. Federal Government entities. Nice helps agencies migrate from legacy systems to our resilient, compliant, and secure CXone platform. NICE is the only cloud contact center provider given Authorization to Operate (ATO) in a FedRAMP environment.
PCI DSS Level I and II
The Payment Card Industry Data Security Standard (PCI DSS) assesses the security and data privacy of cardholder data traversing across information systems. We help contact centers adhere to approved controls while taking our responsibility to protecting sensitive customer cardholder data seriously.
We comply fully with the Federal Communications Commission in protecting Customer Proprietary Network Information (CPNI). Your customer’s information call types are securely stored and continuously monitored. We’re also rock-solid in our commitment to never sell, lend, or license CPNI data to a third-party.
We’re committed to System and Organizational Controls (SOC) Type 2 that measures how well a given service organization conducts and regulates its data and organizational security programs. We’re also adhering to the supplemental Health Information Trust (HITRUST). Both ensure that we’re processing sensitive protected health information (PHI) in accordance with the HITRUST Common Security Framework mapped with the AICPA’s Trust Services Criteria.
The Global Data Protection Regulation (GDPR) aims to protect all European Union citizens from privacy and data breaches. As a data processor acting and serving our customers as data controllers, we place an extreme high importance of ensuring all GDPR Articles are enforced and audited by offering security features to use our contact center services to better protect data this is most sensitive.
NICE is fully accredited through the Information Security Registered Assessors Program (IRAP), which is an Australian Signals Directorate (ASD) initiative to provide high-quality information and communications technology (ICT) security assessment services to the Australian government. The NICE IRAP compliance procedure has been performed by an independent IRAP assessor and ensures that the platform protects the Australian government’s data from access, abuse and disclosure when leveraging cloud contact center services.
Cyber Essentials
Cyber Essentials is an information assurance protocol operated by the United Kingdom’s National Cyber Security Centre (NCSC) that ensures information risk management by using an assurance framework and set of security controls to indicate an organization’s ability to protect its customers’ data from threats coming from the Internet. NICE has received the Cyber Essentials Certificate of Assurance following an independent assessment of its infrastructure and technical controls, such as boundary firewalls and gateways, secure configuration, access control, malware protection and patch management.
The California Consumers Protection Act (CCPA) was designed to enhance data privacy for residents of California by disclosing customer information handling as it pertains to individual data verification, opt-out procedures and general overviews of selling customer information, and methods of requests submission criteria. We value the importance of customer data privacy by offering CCPA-compliant based controls.
Publicly traded under NICE Ltd. (NASDAQ: NICE), we annually undergo SOX auditing to protect shareholders of the company and the general public from any accounting errors or fraudulent practices and to improve the accuracy of our corporate disclosures. We fully comply with SOX electronic record rules and security controls to address data storage and processing flows for compliant data handling.
Section 508
We support and fully comply with Section 508 of the Rehabilitation Act of 1973, requiring all federal agencies to make information technology accessible with disabilities. In demonstrating our compliance, we will offer a completed Voluntary Product Accessibility Template (VPAT) upon request.
We follow the privacy and security protections under HIPAA and the Health Information Technology for Economic Clinical Health (“HITECH”) Act. For covered entities and business associates subject to HIPAA, NICE offers solutions for processing, transmitting, and storing protected health information (“PHI”). Upon request, NICE will sign a business associate agreement (“BAA”).
We adhere to the Telephone Consumer Protection Act (TCPA) and the STIR/SHAKEN Protocol, designed to combat robocalls by requiring grading call integrity before it hits the public internet or PSTN. NICE offers full A-level attestation for calls originating from our platform, before they even reach the carrier. This means that all CXone calls have the thumbs-up to travel to your customers.
“Trust is the first ingredient of any sale. NICE has the rich features, the reporting and technology we need, but what made the big difference was trust. I trust their business. I trust their platform. I trust the NICE organization and infrastructure supporting it all.”
Marion Timpson
Chief Operating Officer PlusOne Company
Related Resources

NICE CXone security and compliance

Effective security controls should be inherent in your data systems. NICE CXone meets your needs.

Case Studies

Business Continuity during a pandemic

Calls to 211 LA’s disaster hotline escalated dramatically during the COVID-19 pandemic. 211 LA turned to Expivia, a BPO using CXone, which enabled both organizations to quickly transition their agents to working from home.


NICE Disaster Recovery Capabilities

NICE CXone provides enterprise level failover and redundancy capabilities to keep your business going, along with scalability features to allow quick response to any situation.

Contact us

If you would like to know more about our platform or just have additional questions about our products or services, please submit the contact form. For customer support, please visit our support page to log into the Customer Community portal.