Other Regulations

Payment Card Industry (PCI)

Every year, an Internal Security Assessor (ISA) assesses the NICE CXone cloud-based contact center solution. The assessment checks NICE CXone compliance with the Payment Card Industry Data Security Standard (PCI DSS). It is currently based on PCI DSS 3.2. Business units can communicate requirements to their PCI assessors. Doing so removes the need to run the same test twice, making PCI certification easier.

NICE CXone tests against PCI DSS controls. We currently test for the previous full year. NICE CXone offers the following to business units with their contract:

• An Attestation of Compliance (AOC).

• A PCI Responsibility Matrix.

We offer the same to prospective business units with a non-disclosure agreement (NDA).

FedRAMP

NICE CXone is authorized to sell in the Federal Risk and Authorization Management Program (FedRAMP) market space. We are allowed via an Authorization to Operate (ATO). Our FedRAMP environment meets the stringent risk management requirements of US federal agencies.

NICE CXone works to mitigate the risks to business unit's data. We also work to increase the security and safety of the data in our FedRAMP environment. With our ATO, federal agencies can integrate our software. With our software, they can take advantage of previously unavailable cloud benefits.

Service Organization Controls 2 (SOC 2)

NICE CXone tests against the SOC from the AICPA SOC reporting framework. We issue an AT 101 SOC 2 report (SOC 2 Type II). We test for the previous full year. NICE CXone performs these tests on a schedule appropriate to data expiration. There may be a gap between the expiration and the issuing of the next report. If so, then a bridge letter is made available tobusiness units.