Rest assured knowing your data is secured with end-to-end encryption, stringent access controls and rigorous security policies.
Benefit from an extensive set of compliance certifications and attestations to help you operate within a complex global regulatory environment.
Choose our shared security model to reduce operational responsibilities and costs. Gain greater security than most organizations achieve in-house.
To maintain the confidentiality, integrity and availability of data and services, we use a defense in depth strategy. This approach implements multiple layers of security mechanisms and controls; if one control fails or a vulnerability is exploited, another is in place to help mitigate risk.
All customer data is encrypted both in transit and at rest: AES 256 key encryption for data at rest and HTTPS with TLS 1.2 or higher encryption for data in transit. Beyond platform-level encryption, we use unique encryption keys for each organization for sensitive data like call recordings.
As the focus on privacy increases worldwide, staying informed on evolving regulations and regional standards can be challenging. Our privacy standards and configurable tools help customers meet their global data privacy needs across a variety of industries and locations.
Streamline access with single-sign-on using SAML 2.0 third-party providers. Multi-factor authentication adds an extra layer of protection. Configurable access privileges use least-privilege principle and role-based control mechanisms, while audit logs track user activity.
Within Amazon Web Services (AWS), Genesys Cloud production services and customer data are logically isolated in a virtual private cloud (VPC) for increased security. All connections to VPC are secured via HTTPS and TLS 1.2 over the public internet. We follow AWS best practices for the security group, load balancer and routing configurations.
The platform API follows the OAuth 2.0 specification for secure authorization. Rate limits ensure platform stability and protect against malicious denial-of-service attacks. And RESTful APIs offer inherent security advantages, enabling encrypted data transfers, statelessness and granular access control.
We conduct continuous vulnerability scanning, penetration tests and pre-deployment checks to preempt any potential risks. Host-based and network-based intrusion detection systems monitor for suspicious activities. Identified security risks are assigned for prompt remediation.
AWS provides data center security. Controls include perimeter security, such as fencing, walls, security staff, video surveillance and intrusion detection systems. Physical access to AWS data centers is logged, monitored and retained, reducing the risk of insider security threats.
Genesys employs a full-time Information Security and Compliance team that’s focused on security, auditing, compliance and risk management. Also, all employees are required to successfully complete security and compliance training on an annual basis.
The Genesys Cloud™ platform is trusted by thousands of customers worldwide to safeguard their data — including those in highly regulated industries, such as the public sector, financial services, healthcare and utilities.
Our comprehensive security approach spans our applications, infrastructure, processes and people. This ensures that your customer and business information remains secure, compliant and accessible — so you can stop worrying about security and focus on improving the customer experience.
The security of our service is instrumental in maintaining the trust our customers place in Genesys. Our comprehensive approach to security is embedded across our platform, processes and culture. It’s based on the principles of informed oversight, effective risk management, consistent security practices, rigorous audits, continuous feedback and full transparency.
Our top priority is to keep your data secure and your business protected — so you can have peace of mind.
Managing security and compliance is a shared responsibility between Genesys, our cloud service provider and our customers. AWS operates and manages the security and compliance of the cloud computing infrastructure. Genesys manages security in the cloud. And the end customer is responsible for security within their Genesys Cloud organization. This distribution of responsibilities relieves your operational burden and is typically more cost-effective than maintaining the same depth of security in-house.
Integrating security protocols or measures into existing software is good practice. But having cloud-native security built right into the software from day one is even better. Security is deeply embedded in the DevOps practices at Genesys. Following the principles of security by design, our development teams are regularly trained on web application security and independent product security teams ensure new features go through rigorous security code reviews and testing prior to release.
Navigating global regulatory compliance in today’s digital-first world is complex, but the right partner can help simplify matters. Genesys is aligned with industry best practices, relevant and appropriate international standards, and — where applicable — national legislation.
Maintaining our extensive compliance portfolio demonstrates our capabilities and commitment to delivering a secure platform that helps you meet and exceed your regulatory and compliance needs, no matter which industry or geography you serve.
At Genesys, we prioritize openness and transparency in how we operate. Our Trust Center offers detailed insights into our security best practices and our extensive industry and regulatory compliance portfolio. You can easily access Genesys Cloud legal agreements, including our privacy policy and SLA.
We also provide a status portal for real-time and historical operational performance of Genesys Cloud, plus scheduled maintenance. And you can read about our AI ethics framework and sustainability efforts, which underscore our dedication to contributing positively to our planet’s future.
The costs of poor security measures are high: reputational damage, loss of consumer trust and confidence, potential lawsuits and a decreasing bottom line. It’s clear: companies that neglect security will see their customers turn to others that provide it.
By partnering with Genesys, you’ll gain the knowledge and tools needed to meet today’s global data security and compliance standards. Get in touch to learn how we can help.
We’ll contact you directly to set up a date and time that works with your schedule.
Contact center compliance refers to adhering to a set of regulations, standards and guidelines set by local, federal and global regulatory and legislative bodies. A security and compliance contact center is essential to provide excellent customer service, maintain customer trust by securing personal data, ensure business continuity and avoid fines and penalties.
Depending on the country, the industry or specific business, the rules contact centers have to follow can vary. In general, these laws and guidelines are drafted to prevent fraud and data breaches while maintaining data privacy and security.
Though industry standards for call center compliance can differ around the world, there are a few well-known examples. This includes laws such as the Telephone Consumer Protection Act (TCPA), the General Data Protection Regulation (GDPR) and the Payment Card Industry Data Security Standard (PCI-DSS), which is designed to protect cardholder data.
Genesys engages multiple independent third-party organizations on a periodic basis to perform audits required for the certifications we maintain. Additionally, our legal team regularly reviews rules and regulations for any legislative or regulatory changes/additions. If necessary, updates are made to our call center security policies and procedures to align with the latest standards.
Yes. Potential security incidents detected within or affecting the Genesys Cloud platform are reported to our dedicated Security Incident Response Team, who will activate and follow the Genesys Incident Response Plan that includes detailed security incident handling procedures for analysis, containment, removal and recovery with minimal impact to confidentiality, integrity or availability.