Contact Center Security and Compliance

The FedRAMP program adheres to the National Institute of Standards and Technology (NIST) Special Publication 800-53 baseline security controls that allows for the processing of data across U.S. Federal Government entities. Nice helps agencies migrate from legacy systems to our resilient, compliant, and secure CXone platform. NICE is the only cloud contact center provider given Authorization to Operate (ATO) in a FedRAMP environment.

The Payment Card Industry Data Security Standard (PCI DSS) assesses the security and data privacy of cardholder data traversing across information systems. We help contact centers adhere to approved controls while taking our responsibility to protecting sensitive customer cardholder data seriously.

We comply fully with the Federal Communications Commission in protecting Customer Proprietary Network Information (CPNI). Your customer’s information call types are securely stored and continuously monitored. We’re also rock-solid in our commitment to never sell, lend, or license CPNI data to a third-party.

We’re committed to System and Organizational Controls (SOC) Type 2 that measures how well a given service organization conducts and regulates its data and organizational security programs. We’re also adhering to the supplemental Health Information Trust (HITRUST). Both ensure that we’re processing sensitive protected health information (PHI) in accordance with the HITRUST Common Security Framework mapped with the AICPA’s Trust Services Criteria.

The Global Data Protection Regulation (GDPR) aims to protect all European Union citizens from privacy and data breaches. As a data processor acting and serving our customers as data controllers, we place an extreme high importance of ensuring all GDPR Articles are enforced and audited by offering security features to use our contact center services to better protect data this is most sensitive.

NICE is fully accredited through the Information Security Registered Assessors Program (IRAP), which is an Australian Signals Directorate (ASD) initiative to provide high-quality information and communications technology (ICT) security assessment services to the Australian government. The NICE IRAP compliance procedure has been performed by an independent IRAP assessor and ensures that the platform protects the Australian government’s data from access, abuse and disclosure when leveraging cloud contact center services.

Cyber Essentials is an information assurance protocol operated by the United Kingdom’s National Cyber Security Centre (NCSC) that ensures information risk management by using an assurance framework and set of security controls to indicate an organization’s ability to protect its customers’ data from threats coming from the Internet. NICE has received the Cyber Essentials Certificate of Assurance following an independent assessment of its infrastructure and technical controls, such as boundary firewalls and gateways, secure configuration, access control, malware protection and patch management.

The California Consumers Protection Act (CCPA) was designed to enhance data privacy for residents of California by disclosing customer information handling as it pertains to individual data verification, opt-out procedures and general overviews of selling customer information, and methods of requests submission criteria. We value the importance of customer data privacy by offering CCPA-compliant based controls.

Publicly traded under NICE Ltd. (NASDAQ: NICE), we annually undergo SOX auditing to protect shareholders of the company and the general public from any accounting errors or fraudulent practices and to improve the accuracy of our corporate disclosures. We fully comply with SOX electronic record rules and security controls to address data storage and processing flows for compliant data handling.

We support and fully comply with Section 508 of the Rehabilitation Act of 1973, requiring all federal agencies to make information technology accessible with disabilities. In demonstrating our compliance, we will offer a completed Voluntary Product Accessibility Template (VPAT) upon request.

We follow the privacy and security protections under HIPAA and the Health Information Technology for Economic Clinical Health (“HITECH”) Act. For covered entities and business associates subject to HIPAA, NICE offers solutions for processing, transmitting, and storing protected health information (“PHI”). Upon request, NICE will sign a business associate agreement (“BAA”).

We adhere to the Telephone Consumer Protection Act (TCPA) and the STIR/SHAKEN Protocol, designed to combat robocalls by requiring grading call integrity before it hits the public internet or PSTN. NICE offers full A-level attestation for calls originating from our platform, before they even reach the carrier. This means that all CXone calls have the thumbs-up to travel to your customers.