A contact center solution that’s obsessively secure

PureCloud delivers a quality solution while maintaining the confidentiality, integrity, availability and privacy of sensitive data that’s critical to your business and ours.

SSAE 16 Compliance

PureCloud has completed a third-party Statement on Standards for Attestation Engagements (SSAE) 16/ISAE 3402 SOC 2 Type II examination. SSAE 16 conveys our commitment to the highest standards by providing you with assurance of security and privacy controls. A copy of our SSAE16 Attestation can be provided upon request.

About SSAE 16

SSAE 16 is an improvement to the former standard for Reporting on Controls at a Service Organization, the SAS70, with some changes designed to bring companies in the US up to date with new international service organization regulations. SSAE 16 introduces new reporting requirements for service organizations while also illustrating an adoption and convergence of accounting standards between the U.S. based framework and the globally accepted principle (ISAE 3402) for reporting on controls at service organizations.

Encryption at rest and in transit

  •  PureCloud uses HTTPS and TLS to secure all connections to browsers, mobile apps, and other components bi-directionally with AES-256 encryption.
  •  PureCloud makes it easy to encrypt voice traffic with TLS (SIP signaling) and SRTP (IP voice).
  •  Call recordings are encrypted at rest and in transit over public Internet.
  •  AWS S3 buckets for content management and other sensitive data stores provide encryption at rest.
  •  Extensive use of ephemeral storage for databases removes the potential for compromised data from stolen or lost hard drives.
  •  Backups are encrypted in transit and at rest.

PureCloud Resource Center

PureCloud security and compliance detail

Obsessively secure

HIPAA Compliance

PureCloud has also achieved compliance with the U.S. Health Insurance Portability and Accountability Act (HIPAA) and third-party compliance verification.


The PureCloud platform achieved a PCI DSS assessment as a Level 1 Service Provider using version 3.2 of the PCI DSS standard. The Attestation of Compliance will be provided to customers under a non-disclosure agreement.

Amazon Web Services (AWS)

The PureCloud suite of products is built on Amazon Web Services (AWS) which provides the infrastructure for our secure platform. AWS is committed to cloud security and has achieved numerous compliance standards.

Multi-Tenant Security

From the earliest designs of PureCloud in 2012 we have developed our services and communications architecture to enforce separation between data requests for different organizations. PureCloud APIs and internal microservices will not respond to a request or return data with more than one organization in a request. Organization ID and Requester (user) ID are embedded into every secured request and are validated by the services for every call. Read more about multi-tenant security.

Single sign-on (SSO)

PureCloud has full authentication built-in, or you can use one of the industry-standard single sign-on solutions your organization is using (such as Active Directory or SalesForce) to simplify access.

With SSO enabled, users log in the first time with credentials for the identity provider using the same credentials they use to log in to the network and other applications. After that initial sign-in under the single account, they can just click the identity provider link to log in.

PureCloud Edge telephony appliance product compliance

The Edge is our on-site appliance that connects to local phone networks and external phone systems (PSTNs). It also provides security for voice data and voice recordings.

  •  Outbound Protocol HTTPS/TLS
  •  Supports Transport Layer Security (TLS) SIP signaling protocol
  •  Encrypted recordings (AES256 disk level encryption)
  •  Encrypted customer data (AES256 disk level encryption)
  •  All communications between PureCloud Edge and the PureCloud service are encrypted and secure through TLS with mutual authentication
  •  PureCloud Edge Voice calls are, by default, encrypted through the SRTP (IP voice) protocol
  •  PureCloud Edge SIP signaling, by default, is protected through the TLS protocol
  •  Dynamic transcription of VoIP communications when different encryptions are used by both parties
  •  Safety Standards – UL60950-1; FCC 47 CFR part 15 Class B EN300 386, EN 55022, EN 55024

EU-U.S. Privacy Shield

If you are located in the European Economic Area (“EEA”) or Switzerland, Genesys and its controlled United States subsidiaries have certified to the EU-U.S. Privacy Shield and U.S.-Swiss Privacy Shield Frameworks for the transfer of Personal Information from the EEA or Switzerland to the United States, as described in our Privacy Shield Privacy Notice. To learn more about the EU-U.S. or U.S.-Swiss Privacy Shield Framework and to view our certification, please visit www.privacyshield.gov. For more details regarding our privacy policy visit the PureCloud Resource Center.

EU General Data Protection Regulation (GDPR)

We understand our customers will be affected by GDPR and we are actively taking steps to make it easier for our customers to be compliant with all terms of GDPR. As a data processor, Genesys will assist our customers in responding to GDPR inquiries from data subjects. If you will be processing data governed by GDPR, please reach out to us for a copy of our Data Processing Agreement.