Security and compliance
Protect your data. Maintain compliance. Build trust.
Protect your data. Maintain compliance. Build trust.
Rest assured knowing your data is secured with end-to-end encryption, stringent access controls and rigorous security policies.
Benefit from an extensive set of compliance certifications to operate within a complex global regulatory environment.
Choose Artificial intelligence (AI) that is designed responsibly with ethical principles, governance and built-in safeguards.
Multi-layered security embedded throughout our technology, people and processes for comprehensive protection in every customer interaction.
This approach implements multiple layers of security mechanisms and controls to maintain the confidentiality, integrity and availability of data.
Genesys Cloud includes AES 256 key encryption for data at rest and HTTPS with TLS 1.2 or higher encryption for data in transit, as well as unique encryption keys and Bring Your Own Key (BYOK) capabilities.
Our privacy standards and configurable tools help customers meet their global data privacy needs across a variety of industries and locations.
Streamline access with single-sign-on using SAML 2.0 third-party providers. Multi-factor authentication adds an extra layer of protection. Configurable access privileges use least-privilege principle and role-based control mechanisms, while audit logs track user activity.
Within Amazon Web Services (AWS), Genesys Cloud production services and customer data are logically isolated in a virtual private cloud (VPC) for increased security. All connections between the Genesys Cloud VPC, browsers, mobile apps and other components are secured via HTTPS/TLS with strong AES-256 encryption over the public internet. We follow AWS best practices for the security group, load balancer and routing configurations.
The platform API follows the OAuth 2.0 specification for secure authorisation. Rate limits ensure platform stability and protect against denial-of-service attacks. And RESTful APIs enable encrypted data transfers, statelessness and granular access control.
We conduct continuous vulnerability scanning, penetration tests and pre-deployment checks, while host-based and network-based intrusion detection systems monitor for suspicious activities.
AWS provides data centre security. Controls include perimeter security, while physical access to AWS data centres is logged, monitored and retained, reducing the risk of insider security threats.
Genesys employs a full-time Information Security and Compliance team, and all employees are required to successfully complete security and compliance training on an annual basis.
The Genesys Cloud™ platform is trusted by thousands of customers — including those in highly regulated industries like the public sector, financial services, healthcare and utilities. Our security approach spans applications, infrastructure, processes and people, ensuring information remains secure, compliant and accessible.
Our comprehensive approach to security is embedded across our platform, processes and culture. It’s based on the principles of informed oversight, effective risk management, consistent security practices, rigorous audits, continuous feedback and full transparency.
Managing security and compliance is a shared responsibility between Genesys, our cloud service provider and our customers. This distribution of responsibilities relieves your operational burden and is typically more cost-effective than maintaining the same depth of security in-house.
Following the principles of security by design, our development teams are regularly trained on web application security and independent product security teams ensure new features go through rigorous security code reviews and testing before release.
Maintaining our extensive compliance portfolio shows our capabilities and commitment to delivering a secure platform that helps you meet and exceed your regulatory and compliance needs, regardless of the industry or geography you serve.
At Genesys, we prioritise transparency. Our Trust Centre offers insights into our security best practices, and you can easily access our legal agreements, including privacy policy and SLA.
We also provide a status portal for real-time and historical operational performance and scheduled maintenance. And you can read about our Ethical AI framework and sustainability efforts.
The costs of poor security measures are high: reputational damage, loss of consumer trust and confidence, potential lawsuits and a decreasing bottom line. It’s clear: companies that neglect security will see their customers turn to others that provide it.
By partnering with Genesys, you’ll gain the knowledge and tools needed to meet today’s global data security and compliance standards. Get in touch to learn how we can help.
We’ll contact you directly to set up a date and time that works with your schedule.
Contact centre compliance refers to adhering to a set of regulations, standards and guidelines set by local, federal and global regulatory and legislative bodies. A security and compliance contact centre is essential to provide excellent customer service, maintain customer trust by securing sensitive customer data like social security numbers and credit card information, ensure business continuity and avoid fines and penalties.
Depending on the country, the industry or specific business, the rules contact centres have to follow can vary. In general, these laws and guidelines are drafted to prevent fraud and data breaches while maintaining data privacy and security.
Though industry standards for call centre compliance can differ around the world, there are a few well-known examples. This includes laws such as the Telephone Consumer Protection Act (TCPA), the General Data Protection Regulation (GDPR) and the Payment Card Industry Data Security Standard (PCI-DSS), which is designed to protect cardholder data.
Genesys engages multiple independent third-party organisations on a periodic basis to perform audits required for the certifications we maintain. Additionally, our legal team regularly reviews rules and regulations for any legislative or regulatory changes/additions. If necessary, updates are made to our call centre security policies and procedures to align with the latest standards.
Yes. Potential security incidents detected within or affecting the Genesys Cloud platform are reported to our dedicated Security Incident Response Team, who will activate and follow the Genesys Incident Response Plan that includes detailed security incident handling procedures for analysis, containment, removal and recovery with minimal impact to confidentiality, integrity or availability.
Start by identifying potential security risks, such as data breaches, unauthorised access and phishing. Next, review compliance requirements like GDPR, PCI-DSS and HIPAA to ensure the checklist meets regulatory standards.
Develop clear policies for user authentication, data encryption and real-time threat monitoring. Include regular password updates, secure workstation practices and access controls. Train employees on handling sensitive information and recognising suspicious activity.
Finally, schedule routine audits and incident response drills to test the checklist’s effectiveness and update it as needed. A well-structured security checklist not only protects sensitive customer information but also builds trust and ensures operational continuity.
One major mistake is neglecting regular employee training — many breaches occur because staff don’t recognise phishing or social engineering attempts. Another is using weak or shared passwords, which make it easier for attackers to gain access.
Failing to encrypt sensitive data during transmission or storage is also a serious risk. Some centres overlook access controls, allowing too many employees to view confidential customer information. Ignoring software updates and patch management can leave systems open to known vulnerabilities.
Lastly, not having a clear incident response plan can delay recovery after a breach. Avoiding these pitfalls helps maintain customer trust and ensures compliance with data protection regulations.
