General Platform and Data Protections
CXone is intelligently designed to be both secure and accessible. This page describes the general protections that NICE CXone has in place to safeguard the CXone platform and your data.
Your data is protected by:
- Redundant databases using real-time replication
- High-performance hardware storage systems
- Encryption of data at rest
- HTTPS
- Secure File Transfer Protocol (SFTP)
- Secure Data Transfer
Computer and Data Networks
The CXone computer and data networks are secure, redundant, and scalable. Amazon Web Services (AWS), a digital cloud provider, provides multiple zones for failover. Amazon cites 99.999999999% durability or protection against data loss. CXone leverages two availability zones. Availability zones are locations within an AWS region. They are engineered to be isolated from failures in other zones. Leveraging two availability zones ensures 99.99% availability of the NICE CXone suite. CXone also has storage API servers in each AWS and CXone availability zone to ensure additional redundancy. Each API server is able to process the entire load in case of failover.
Data Processing Centers
NICE CXone data processing centers are located in different geographical areas, allowing you to have a global reach. CXone has data centers in the following locations.
- EMEA: Europe, South Africa, UK, UAE
- APAC: Asia, Singapore, Japan, India, Australia, New Zealand
- CALA/LATAM: Caribbean/Latin America, Brazil
- NORTH AMERICA: Canada, US
CXone data processing centers are designed with technology that provides protection against natural and man-made disasters. NICE CXone maintains a Resiliency Event Management Plan (DR/BC) and an Incident Management Plan. These plans draw on many available and redundant services, systems, and hardware to protect your data.
Cloud Applications
CXone cloud applications are developed with secure coding management and practices using multiple tools, including:
- Microsoft Team Foundation Server (TFS)
- GitHub
- Jenkins
- A range of AWS tools
Monitoring
- All systems are monitored at multiple levels, including:
  - Logical
  - Functional
  - Environmental
- The NICE CXone Network Operations Center (NOC) monitors hardware and application status 24 x 7 x 365.
- System logs are monitored through Security Information and Event Monitoring (SIEM) applications.
- CXone is monitored through third-party vulnerability and penetration tests and methodologies.
- CXone uses industry-leading intrusion detection and protection technologies. These technologies are employed through CXone routers, firewalls, and switches.
- NICE CXone services sit behind layers of protection practices. The network is managed and monitored at all times. The CXone infrastructure monitors the following with visual, audible, and email alerts:
  - The physical environment
  - Hardware
  - Network
  - Applications
- Trained network analysts can identify, correct, and escalate issues that impact CXone services. They employ Microsoft Dynamics (MSD) for digital forensics. These analysts fall under the Information Security Group. The Information Security Group has a separate administrative line from the NOC to ensure redundancy.
Compliance
CXone has the following security and compliance infrastructures and industry standard practices in place:
- SOC Type 2 (AICPA) audited data centers
- PCI DSS Level 1 and 2 compliance
- HITRUST (HIPAA) within a SOC 2 Type 2
- GDPR Type 1 Third-Party Assessment, and a GDPR statement (position paper, compliant through DPA)
  - Article 15: verification
  - Article 16: rectification
  - Article 17: erasure
  - Article 18: restriction
  - Article 19: portability
- ISO 27001
- Sarbanes Oxley (SOC) 404 Report
- SIG (Standard Information Gathering)
- Core self-assessment and CSA CAIQ (Consensus Assessments Initiative Questionnaire v3.0.1)
- FedRAMP (within a discrete, isolated platform environment)
- Red Flag Rule compliance
- Change control policies and management
- Regular and timely security patch management
- Disaster recovery/business continuity (resiliency event management) planning
- Regular security awareness and policy training