Deliberately Innovative – Deliberately Secure
Interactive Intelligence Group Inc. (Nasdaq: ININ) is a global provider of contact center, unified communications, and business process automation software and services designed to improve the customer experience. Our solutions, which can be deployed via the cloud or on-premises, are ideal for industries such as financial services, insurance, outsourcers, collections and utilities.
We understand that delivering a quality solution while maintaining the confidentiality, integrity, availability, and privacy of sensitive data is critical to your business and ours. Therefore, we have established and maintain the following programs to meet these important needs:
ISO/IEC 27001:2013 Information Security Management System (ISMS) – The ISO/IEC 27001 standard specifies the requirements for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS) designed to ensure the confidentiality, integrity, and availability of sensitive customer and corporate information.
Interactive Intelligence has maintained registration to this standard since August 2013.
ISO/IEC 9001:2008 Quality Management System (QMS) – The ISO/IEC 9001 standard specifies the requirements for establishing, implementing, maintaining, and continually improving a Quality Management System (QMS) designed to ensure that our products and services are consistently delivered to meet customer, employee and other stakeholder requirements.
Interactive Intelligence has maintained registration to this standard since December 2004.
EU-US Privacy Shield – Interactive Intelligence self-certifies to the US Department of Commerce EU-US Privacy Shield designed to ensure the protection and appropriate handling of personal information that may be transferred to the United States from the European Union.
Information regarding our self-certification can be found here:
General Information on Privacy Shield can be found here:
Sarbanes-Oxley (SOX) – As a publicly traded organization, our technical and administrative controls for ensuring the accuracy and integrity of our public financial reports and fraud prevention controls are independently reviewed on an annual basis.
Results of this audit are included in our annual report which is available on our Investor Relations site.
Communications as a Service (CaaS) Cloud Services
Statement on Standards for Attestation Engagements (SSAE16) No. 16 and International Standards for Assurance Engagements (ISAE) No. 3402 – Our CaaS Cloud Services organization controls are reviewed annually and an SSAE16/ISAE3402 SOC2 Type II auditors’ attestation report is created. SSAE16 replaced the former SAS70 in January 2010 as the authoritative guidance for reporting on the design and effectiveness of a Service Organization’s controls. ISAE 3402 was developed to provide an international assurance standard for allowing Service Organizations to provide a report for use by user organizations and their auditors on the design and effectiveness of controls at a service organization. The SSAE16/ISAE3402 Service Organization Controls 2 (SOC 2) report is performed in accordance with the attestation standard, AT 101, and is based upon the Trust Services Principles of Security, Availability, Processing Integrity, Confidentiality, and Privacy. A Type II report evaluates the design and effectiveness of controls over a period of time.
Our current SSAE16 SOC2 Type II report describing the controls for our global CaaS Cloud Services offering is available upon request and requires the execution of a non-disclosure agreement. Please contact your local Sales Representative for additional information.
Payment Card Industry Data Security Standard (PCI DSS) – Customers who are concerned with the transmission, processing, or storage of credit card data may choose to be deployed into a PCI DSS compliant environment within our CaaS Data Centers within the United States and Europe (Slough/Frankfurt). A copy of our current PCI DSS Attestation of Compliance (AoC) report for these two environments is available upon request and requires the execution of a non-disclosure agreement. PCI compliant services for CaaS Cloud Services in other regions (Canada, Australia, Japan) may be available utilizing a third-party partner; however, certain restrictions apply.
Please contact your Sales Representative for additional information.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a set of regulations designed to ensure the proper handling of Protected Health Information (PHI) that health care related organizations in the United States are required to follow. A HIPAA compliance assessment of our CaaS Cloud Services environment is performed by an external vendor on an annual basis.
An executive summary of the report is available upon request and requires the execution of a non-disclosure agreement. Please contact your Sales Representative for additional information.
The Customer Interaction Center® (CIC) versions 3.0 and 4.0 have been reviewed and certified by the Joint Interoperability Testing Command (JITC), which ensures compliance with information assurance and interoperability requirements for the U.S. Department of Defense Private Branch Exchange 2 classification. With this level of security built in, you can be assured that our products can be configured and deployed so that you can achieve and maintain compliance with whatever industry regulations or standards apply to your organization.