RingCentral Compliance Site
Staying compliant together
Existing certifications and documentation
ISO 27001 Certificate
ISO 27017 Certificate
ISO 27018 Certificate
ISO/IEC 27018 establishes commonly accepted control objectives, controls, and guidelines for implementing measures to protect personally identifiable information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment. In particular, it takes into consideration the regulatory requirements for the protection of PII, which might be applicable within the context of the information security risk environment(s) of a provider of public cloud services. It is applicable to all types and sizes of organisations, including public and private companies, government entities, and not-for-profit organisations, which provide information processing services as PII processors via cloud computing under contract to other organisations.
ISO 22301 Certificate
ISO 22301 is the international standard for Business Continuity Management (BCM). ISO 22301 is designed to help organisations prevent, prepare for, respond to and recover from unexpected and disruptive incidents. To do so, the standard provides a practical framework for setting up and managing an effective business continuity management system. ISO 22301 aims to safeguard an organisation from a wide range of potential threats and disruptions.
SOC 2+ FINRA CSR, HIPAA Report
The SOC 2 report validates the effectiveness of operating controls as a service organisation against the criteria set forth by the American Institute of Certified Public Accountants (AICPA) Trust Services Principles. RingCentral annually undergoes a third-party audit to certify our services against this standard. The reports cover controls around availability, security, and confidentiality of customer data. Additional information can be found at https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc2report.html
SOC 3 Report
The SOC 3 report provides assurance about the controls at a service organisation relevant to security, availability, and confidentiality for users who do not have the need for or the knowledge necessary to make effective use of a SOC 2 report. Additional information can be found at https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc3report.html
C5 English Version
This is the English version of the C5 attestation report. The attested report demonstrates RingCentral’s compliance with the C5 framework and standard. The German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, or BSI) created the Cloud Computing Compliance Controls Catalog (C5). C5 is an audited standard that establishes a mandatory minimum baseline for cloud security and the adoption of public cloud solutions by German government agencies and organisations that work with government.
C5 German Version
This is the German version of the C5 attestation report. The attested report demonstrates RingCentral’s compliance with the C5 framework and standard. The German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, or BSI) created the Cloud Computing Compliance Controls Catalog (C5). C5 is an audited standard that establishes a mandatory minimum baseline for cloud security and the adoption of public cloud solutions by German government agencies and organisations that work with government.
RingCentral HITRUST Certificate
A HITRUST CSF Certified status indicates that the in-scope apps have met industry-defined security requirements and are appropriately managing risk. By including federal and state regulations, standards, and frameworks, and incorporating a risk-based approach, the HITRUST CSF helps organisations address cybersecurity challenges through a comprehensive framework of prescriptive and scalable security controls. HITRUST CSF Certification sets the highest standard for compliance of security requirements and has become the benchmark that organisations apply to safeguard ePHI data. Additional information can be found at https://hitrustalliance.net
RingCentral HITRUST Assessment Letter
A HITRUST CSF Certified status indicates that the in-scope apps have met industry-defined security requirements and are appropriately managing risk. By including federal and state regulations, standards, and frameworks, and incorporating a risk-based approach, the HITRUST CSF helps organisations address cybersecurity challenges through a comprehensive framework of prescriptive and scalable security controls. HITRUST CSF Certification sets the highest standard for compliance of security requirements and has become the benchmark that organisations apply to safeguard ePHI data. Additional information can be found at https://hitrustalliance.net
RingCentral Cyber Essentials Plus Certificate
Cyber Essentials Plus is a UK government-backed, industry-supported certification scheme introduced in the UK to help organisations demonstrate operational security against common cyberattacks.
NICE inContact SOC 2 Type 2 Report
The SOC 2 report validates the effectiveness of operating controls as a service organisation against the criteria set forth by the American Institute of Certified Public Accountants (AICPA) Trust Services Principles. Additional information can be found at https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc2report.html and at https://hitrustalliance.net
Engage Voice PCI AoC
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard designed to ensure that companies processing, storing, or transmitting payment card information maintain a secure environment. The PCI DSS applies to credit cards from the major card brands, including Visa, MasterCard, American Express, Discover, and JCB. A third-party PCI Qualified Security Assessor (QSA) assesses company systems and processes on an annual basis and issues an Attestation of Compliance (AOC).
RingCentral Contact Centre EU – AoC PCI Level 1
The documents are applicable to the Contact Centre service, the interconnect for media (owned and managed by RingCentral), and RingCentral’s unified client for the EU region. Please note: InContact’s PCI AOC for the EU and for North America are applicable if the customer is using the max-integrated softphone, where no media connects back to RingCentral.
RingCentral Contact Centre EU - Matrix of Responsibility PCI Level 1
The documents are applicable to the Contact Centre service, the interconnect for media (owned and managed by RingCentral), and RingCentral’s unified client for the EU region. Please note: InContact’s PCI AOC for the EU and for North America are applicable if the customer is using the max-integrated softphone, where no media connects back to RingCentral.
NICE inContact PCI Responsibility Guide
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard designed to ensure that companies processing, storing, or transmitting payment card information maintain a secure environment. The PCI DSS applies to credit cards from the major card brands, including Visa, MasterCard, American Express, Discover, and JCB. A third-party PCI Qualified Security Assessor (QSA) assesses company systems and processes on an annual basis and issues an Attestation of Compliance (AOC).
NICE inContact CXone - PCI DSS - AOC
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard designed to ensure that companies processing, storing, or transmitting payment card information maintain a secure environment. The PCI DSS applies to credit cards from the major card brands, including Visa, MasterCard, American Express, Discover, and JCB. A third-party PCI Qualified Security Assessor (QSA) assesses company systems and processes on an annual basis and issues an Attestation of Compliance (AoC).
SOC 2+ FINRA CSR, HIPAA Report
The SOC 2 report validates the effectiveness of operating controls as a service organisation against the criteria set forth by the American Institute of Certified Public Accountants (AICPA) Trust Services Principles. RingCentral annually undergoes a third-party audit to certify our services against this standard. The reports cover controls around availability, security, and confidentiality of customer data. Additional information can be found at https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc2report.html
SOC 3 Report
The SOC 3 report provides assurance about the controls at a service organisation relevant to security, availability, and confidentiality for users who do not have the need for or the knowledge necessary to make effective use of a SOC 2 report. Additional information can be found at https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc3report.html
Americas ISO 27001 Certificate
The International Organisation for Standardisation 27001 Standard (ISO 27001) is an information security standard that ensures office sites, development centres, support centres, and data centres are securely managed. These certifications run for three years (renewal audits) and have annual touchpoint audits (surveillance audits).
EMEA ISO 27001 Certificate
The International Organisation for Standardisation 27001 Standard (ISO 27001) is an information security standard that ensures office sites, development centres, support centres, and data centres are securely managed. These certifications run for three years (renewal audits) and have annual touchpoint audits (surveillance audits).
Global SOC 2 Type 2 report
The SOC 2 report validates the effectiveness of operating controls as a service organisation against the criteria set forth by the American Institute of Certified Public Accountants (AICPA) Trust Services Principles. RingCentral annually undergoes a third-party audit to certify our services against this standard. The reports cover controls around availability, security, and confidentiality of customer data. Additional information can be found at https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc2report.html