Trust Office

Our Trust Office: Guardians of Your Contact Center

When you move your contact center to the cloud, trust becomes a big deal. The experts in our Trust Office make sure your important data is safe, your system is always available, and it runs at top speed.

Think of our team as the behind-the-scenes guardians for your contact center.  They use their deep experience in securing, building, and optimizing networks to take care of the complex (and somewhat mundane) details so you don’t have to.

Our Trust Office makes sure your inContact environment has:

  • High service reliability. Count on 99.99% uptime from our systems and infrastructure. 
  • Iron-clad security. Only the highest security standards are good enough to protect your critical business data.  
  • Fast, scalable performance.  Our network’s speedy performance can satisfy your contact center’s changing and growing demands. 

Industry Certifications

Meeting the minimum requirements isn’t good enough for us when it comes to industry certifications. We prefer to go above and beyond so we inspire your trust and confidence. Here’s a snapshot of our many certifications:


We’re designated as a Service Provider Level 1 or below and Merchant Level 3 for PCI (Payment Card Industry).  With the recent addition of PCI DSS Level 1 compliance as a Service Provider to our previous portfolio of PCI DSS compliant solutions, inContact can now offer deployment in environments that cover a wide range of customer PCI DSS requirements. Our being able to offer deployment in PCI Level 1 or Level 2 compliant environments makes it easier for our customers to implement PCI DSS compliant solutions according to their needs.  The external validation of compliance with the Payment Card Industry Data Security Standard required for PCI DSS Level 1 was executed by experienced Qualified Security Assessors (QSAs) from The Cadence Group. For PCI DSS Level 2 compliance, we continue to complete an annual self-assessment and Attestation of Compliance (AOC) , quarterly vulnerability scans, and an annual penetration test and audit of the controls.  Our AOC is completed by our Internal Audit Department which is certified as an Internal Security Assessor. 

SOC 2 Type II

In 2011, the American Institute of Certified Public Accounts (AICPA), the SAS 70 Audit was replaced by three new Service Organization Control (SOC) standards, SOC 1, SOC 2, and SOC 3. Since our services don’t directly host or affect customers’ financials, we completed a SOC 2 Type II report, which validates the effectiveness of our operating controls.

404 SOX

Our 404 Certification for Sarbanes-Oxley (SOX) designates us as an Accelerated Filer. Our IT security and controls are included in this annual certification to evaluate our controls over financial reporting. We protect private information like consumer or employee information (such as credit card numbers, name, social security number, and phone number). This audit is performed by our internal audit department and confirmed by external auditors, Deloitte & Touche.


We comply with all Federal Communications Commission (FCC) regulations including protecting Customer Proprietary Network Information (CPNI) which is data we obtain in the normal course of providing you with telecom services. This type information includes where, when and whom you call, and the types of service offering and products you get from us.

Under FCC guidelines, we store all customer data in a secure, monitored database. We will not sell, lend or license CPNI information to a third-party. Third-party contractors must sign Non-Disclosure Agreements and cannot improperly use CPNI information. Our employees must adhere to security checks and CPNI policies.

Safe Harbor

As a Safe Harbor partner, we use the proper policies (privacy, network and computer security, hosting, and change management) and controls to ensure storage and transmission of customer information internationally is secure according to country regulations and industry best practices such as PCI, Safe Harbor and section 404 standards. We also complete an annual audit of compliance.


When a “HIPAA Compliant” solution is requested, the resulting discussion centers around a law, the Health Insurance Portability and Accountability Act of 1996 (collectively called the “Privacy Rule”), and a later HITECH act, Health Information Technology for Economic Clinical Health ACT (2009).

Although for HIPAA there is no audit testing with a resulting certificate or report, there are additional specified requirements in these laws that put definitions on the types of responses and processes expected of organizations that handle Protected Health Information (PHI). Based on what type of handling the PHI data receives, there are certain requirements.

So, businesses that deal directly with a person’s protected health information such as a covered health care provider, a health care clearing house, or a health plan are considered “Covered Entities” (CE) under the laws. Businesses to whom Covered Entities might disclose protected health information by way of performing services for the CE (claims processing, call contact management, etc.) are classified as “Business Associates (BA).” inContact is a BA.

The Privacy Rule requires that a CE obtain satisfactory assurances with a Business Associate Agreement (BAA) that the BA will appropriately safeguard the protected health information it stores, processes or transmits on behalf of the CE. A CE’s BAA contract will detail practices as to the uses and secure management of the data.

inContact will review and sign such a BAA as provided by the customer.

inContact is committed to comply with all laws within the countries in which its customers do business. However, with a cloud service such as inContact, no matter how solid inContact’s security and privacy profiles might be, the customer must validate their own compliance. As with other security compliance infrastructures such as PCI and SOC, to observe HIPAA laws, the customer themselves must provide the instruments for verification of compliance in accordance their level of involvement in managing personal identifiable and protected health information.

Other Industry Standards

Although some industry standards may not apply to our company, we take our customers’ compliance needs seriously. Standards such as HIPAA, GLBA, Dodd Frank and FDIC are similar and closely related to PCI, 404 and SOC requirements. We help our customers design solutions that ensure compliance with the industry standards most important to their businesses.

Information Commissioner’s Office

We’re registered with the Information Commissioner’s Officer. Since the UK requires safe transmission of personal data, we comply through internal assessments of compliance with UK data protection requirements. Providing transparency and openness about our business is critical to our trusted relationship with our customers.

Heartbleed Bug

Businesses everywhere are very concerned about the recently announced Heartbleed bug which can allow encrypted transmissions to be compromised. inContact is very concerned about the possible impact of the Heartbleed bug and has taken this very seriously. We have assessed inContact web servers, network devices, VPNS and all services that utilize encryption technologies. Our audits have confirmed that inContact services are not affected by the Heartbleed bug and are under no risk as a result of this vulnerability.

If your technical staff has any further questions please feel free to contact your customer service manager for additional details.

What Our Customers Say

“Trust is the first ingredient of any sale. inContact has the rich features, the reporting and technology we need, but what made the big difference was trust. I trust their business. I trust their platform. I trust the inContact organization and infrastructure supporting it all.”
Marion Timpson, Chief Operating Officer
PlusOne Company

inContact and the Cloud Security Alliance

The Cloud Security Alliance (CSA) logo is the mark of elite companies that have demonstrated their knowledge of the cloud and how to secure it.


  • 2012 Frost & Sullivan North American Cloud Contact Center Solutions Company of the Year
  • 2012 IP Contact Center Technology Pioneer Award
  • 2012 TMC Labs Innovation Award
  • 2012 CRM Excellence Award Winner
  • 2011 Hosted Contact Center Market Share Leader by DMG Consulting
inContact & AICPA