PureCloud Security and Certifications
Delivering a quality solution while maintaining the confidentiality, integrity, availability, and privacy of sensitive data is critical to your business and ours.
PureCloud Platform and Services
PureCloud has completed a third-party Statement on Standards for Attestation Engagements (SSAE) 16/ISAE 3402 SOC 2 Type II examination. SSAE 16 conveys our commitment to the highest standards by providing PureCloud customers with assurance of security and privacy controls. A copy of our SSAE16 Attestation can be provided to customers upon request.
PureCloud has also achieved compliance with the U.S. Health Insurance Portability and Accountability Act (HIPAA) and third-party compliance verification.
The PureCloud platform achieved a PCI DSS assessment as a Level 1 Service Provider using version 3.2 of the PCI DSS standard. The Attestation of Compliance will be provided to customers under a non-disclosure agreement.
PureCloud is currently pursuing additional compliance standards.
Encryption at rest and in transit:
- PureCloud uses HTTPS and TLS to secure all connections to browsers, mobile apps, and other components bi-directionally with AES-256 encryption.
- PureCloud makes it easy to encrypt voice traffic with TLS (SIP signaling) and SRTP (IP voice).
- Call recordings are encrypted at rest and in transit over public Internet.
- AWS S3 buckets for content management and other sensitive data stores provide encryption at rest.
- Extensive use of ephemeral storage for databases removes the potential for compromised data from stolen or lost hard drives.
- Backups are encrypted in transit and at rest.
PureCloud Resource Center
Certifications and Memberships
Amazon Web Services (AWS)
The Interactive Intelligence PureCloud suite of products is built on Amazon Web Services (AWS). AWS brings an impressive security and compliance portfolio with their cloud service.
From the earliest designs of PureCloud in 2012 we have developed our services and communications architecture to enforce separation between data requests for different organizations. PureCloud APIs and internal microservices will not respond to a request or return data with more than one organization in a request. Organization ID and Requester (user) ID are embedded into every secured request and are validated by the services for every call.
PureCloud Single Sign-On (SSO)
PureCloud has full authentication built-in, or you can use one of the industry-standard single sign-on solutions your organization is using (such as Active Directory or SalesForce) to simplify access.
With SSO enabled, users log in the first time with credentials for the identity provider using the same credentials they use to log in to the network and other applications. After that initial sign-in under the single account, they can just click the identity provider link to log in.
PureCloud supports SSO with:
PureCloud Edge Telephony Appliance Product Compliance
The Edge is our on-site appliance that connects to local phone networks and external phone systems (PSTNs). It also provides security for voice data and voice recordings.
- Outbound Protocol HTTPS/TLS
- Supports Transport Layer Security (TLS) SIP signaling protocol
- Encrypted recordings (AES256 disk level encryption)
- Encrypted customer data (AES256 disk level encryption)
- All communications between PureCloud Edge and the PureCloud service are encrypted and secure through TLS with mutual authentication
- PureCloud Edge Voice calls are, by default, encrypted through the SRTP (IP voice) protocol
- PureCloud Edge SIP signaling, by default, is protected through the TLS protocol
- Dynamic transcription of VoIP communications when different encryptions are used by both parties
- Safety Standards – UL60950-1; FCC 47 CFR part 15 Class B EN300 386, EN 55022, EN 55024
PureCloud is developed using ISO/IEC process standards.
ISO/IEC 27001:2013 Information Security Management System (ISMS) – The ISO/IEC 27001 standard specifies the requirements for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS) designed to ensure the confidentiality, integrity, and availability of sensitive customer and corporate information.
We have maintained registration to this standard since August 2013.
ISO/IEC 9001:2008 Quality Management System (QMS) – The ISO/IEC 9001 standard specifies the requirements for establishing, implementing, maintaining, and continually improving a Quality Management System (QMS) designed to ensure that our products and services are consistently delivered to meet customer, employee and other stakeholder requirements.
We have maintained registration to this standard since December 2004.
Certifications and Memberships
EU-U.S. Privacy Shield
Our participation in the Privacy Shield applies to all personal data that is received from the European Union, European Economic Area and Switzerland. We will comply with the Privacy Shield Principles in respect of such personal data. We also maintain an affirmative commitment to the U.S.-Swiss Safe Harbor Framework and its principles, which will not be affected by our participation in the Privacy Shield.
Our accountability for personal data that we receive under the Privacy Shield and subsequently transfer to a third party is described in the Privacy Shield Principles. In particular, we remain responsible and liable under the Privacy Shield Principles if third-party agents that we engage to process the personal data on our behalf do so in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.