Trust Office

Our Trust Office: Guardians of Your Contact Center

When you move your contact center to the cloud, trust becomes a big deal. The experts in our Trust Office make sure your important data is safe, your system is always available, and it runs at top speed.

Think of our team as the behind-the-scenes guardians for your contact center.  They use their deep experience in securing, building, and optimizing networks to take care of the complex (and somewhat mundane) details so you don’t have to.

Our Trust Office makes sure your inContact environment has:

  • High service reliability. Count on 99.99% uptime from our systems and infrastructure. 
  • Iron-clad security. Only the highest security standards are good enough to protect your critical business data.  
  • Fast, scalable performance.  Our network’s speedy performance can satisfy your contact center’s changing and growing demands. 

Industry Certifications

inContact maintains various industry certifications to assist customers in verifying security policies and processes. We’ve been assessed and validated for the following industry certifications:


inContact offers a Payment Card Industry (“PCI”) Level 1 compliant environment under the Payment Card Industry Data Security Standards (“PCI DSS”) that has been validated by an experienced Qualified Security Assessor (“QSA”) from The Cadence Group. This is a key assurance instrument inContact provides as customers evaluate the strength of our security, performance, and reliability practices.

PCI compliance refers to implementing and adhering to the PCI DSS defined by the PCI Security Standards Council. Businesses that store, process, or transmit payment card information are required to report PCI compliance. The level of PCI compliance for each business is determined by how the card data is handled and by the number of electronic credit card transactions processed each year.

Our PCI compliant environments emphasize our commitment to information and data security at every level. Offering deployment in a PCI compliant environment makes it easier for our customers to implement PCI DSS compliant solutions according to their needs. Customers are responsible to obtain and maintain their own PCI certification.


inContact publishes an annual Service Organization Controls 2 (“SOC 2”) type 2 report, also referred to as an AT 101 report. The inContact SOC 2 report is an attestation report that validates the effectiveness of our operating controls as a service organization to the criteria set forth by the American Institute of Certified Public Accountants (“AICPA”) Trust Services Principles. Our SOC 2 report is available upon request.


inContact, as a publicly traded company, annually evaluates and reviews our information technology and administrative controls related to financial reporting. This audit is performed by our internal audit department and by an external auditor, Deloitte. Our annual report is available on our website under Investor Relations.


inContact complies with all Federal Communications Commission (“FCC”) regulations including protecting Customer Proprietary Network Information (“CPNI”) which is data we obtain in the normal course of providing customers with telecom services. This type information includes where, when, and whom you call and the types of service offerings and products you obtain from us.

Under the FCC guidelines, we store all customer data in a secure, monitored database. inContact will not sell, lend, or license CPNI information to a third-party. Third-party contractors must sign a Non-Disclosure Agreement and cannot improperly use CPNI. Our employees are trained annually on CPNI and must adhere to security checks and CPNI policies. To view our CPNI certification, please click here.

Safe Harbor

As a Safe Harbor partner, inContact uses the proper policies (privacy, network and computer security, hosting, and change management) and controls to ensure storage and transmission of customer information internationally is secure according to country regulations and industry best practices such as PCI, Safe Harbor, and SOX Section 404 standards. inContact also completes an annual audit of compliance. To find more information about what is covered under our Safe Harbor certification, please click here.

Other Industry Standards

Although some industry standards may not apply directly to inContact, we take our customers’ compliance needs seriously. Standards such as the Health Insurance Portability and Accountability Act of 1996, Gramm–Leach–Bliley Act (“GLBA”), Dodd–Frank Wall Street Reform and Consumer Protection Act (“Dodd Frank”), and Federal Deposit Insurance Corporation (“FDIC”) are similar and closely related to requirements for PCI, SOX, and SOC. We help our customers design solutions that ensure compliance with the industry standards most important to their business needs.


When a HIPAA compliant solution is requested, the resulting discussion centers around privacy and security protections under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Economic Clinical Health (“HITECT”) Act.

For covered entities and business associates subject to HIPAA, inContact offers solutions for processing, transmitting, and storing protected health information (“PHI”). Upon request, inContact will sign a business associate agreement (“BAA”) according to the services inContact provides our customers. 

Section 508/VPAT

Section 508 of the Rehabilitation Act of 1973 requires all federal agencies to make information technology accessible to people with disabilities. In order to demonstrate Section 508 compliance, the product or service will have a completed Voluntary Product Accessibility Template (“VPAT”). Upon request, inContact offers available VPATs.

Information Commissioner’s Office

inContact is registered with the Information Commissioner’s Office (“ICO”). Since the United Kingdom (“UK”) requires safe transmission of personal data, we comply through internal assessments of compliance with UK data protection requirements. Providing transparency and openness about our business is critical to our trusted relationship with our customers. To view our registration with the ICO Data Protection Register, please click here.

For more information, please contact a representative at 866.965.7227 or

Heartbleed Bug

Businesses everywhere are very concerned about the recently announced Heartbleed bug which can allow encrypted transmissions to be compromised. inContact is very concerned about the possible impact of the Heartbleed bug and has taken this very seriously. We have assessed inContact web servers, network devices, VPNS and all services that utilize encryption technologies. Our audits have confirmed that inContact services are not affected by the Heartbleed bug and are under no risk as a result of this vulnerability.

If your technical staff has any further questions please feel free to contact your customer service manager for additional details.

What Our Customers Say

“Trust is the first ingredient of any sale. inContact has the rich features, the reporting and technology we need, but what made the big difference was trust. I trust their business. I trust their platform. I trust the inContact organization and infrastructure supporting it all.”
Marion Timpson, Chief Operating Officer
PlusOne Company

inContact and the Cloud Security Alliance

The Cloud Security Alliance (CSA) logo is the mark of elite companies that have demonstrated their knowledge of the cloud and how to secure it.


  • 2012 Frost & Sullivan North American Cloud Contact Center Solutions Company of the Year
  • 2012 IP Contact Center Technology Pioneer Award
  • 2012 TMC Labs Innovation Award
  • 2012 CRM Excellence Award Winner
  • 2011 Hosted Contact Center Market Share Leader by DMG Consulting
inContact & AICPA