Technology

Comprehensive security for peace of mind

Protect your data and communications against fraud and abuse.

Seven layers of security

RingCentral gives you added peace of mind by instituting robust security measures at every level of our architecture and processes. These include the physical, network, host, data, application, and business processes, as well as the enterprise level of your organization.

Transmission security

To prevent interception of your communications, RingCentral provides Transport Layer Security (TLS) and Secure Real-Time Transport Protocol (SRTP) encryption between all endpoints.

Infrastructure security

RingCentral offers the following infrastructure safeguards:
  • Network and applications: firewalls and session border controllers
  • Administrative functions: multiple authentication levels
  • Technology: intrusion-detection systems and fraud analytics
  • Operational functions: monitoring, system hardening, and vulnerability scans
The Path to Secure, Reliable, and High-Quality Service

Physical and environmental security

The RingCentral platform is deployed across SSAE 18 and ISO 27001-audited data centers, protected by the most robust electronic prevention systems, on-site engineering specialists, and security guards. The geographic diversity of our locations also minimizes the risk of data loss and service interruption due to a catastrophe.

Proactive fraud mitigation

RingCentral prevents toll fraud through access control, detection controls, and usage throttling and gives you granular control over who gets to make international calls and to where. Plus, our global security department actively monitors your account to detect irregular calling patterns and prevent fraudulent charges.

The most secure business communications guaranteed

We regularly undergo independent verification of our security controls to protect our customers’ data and communications and to meet regulatory and compliance needs.

ISO 27001
ISO 27001
RingCentral is ISO/IEC 27001 certified, the most widely recognized international standard for information security. 
 
ISO 27001 certification demonstrates that RingCentral has a robust security program, with rigorous management activity and technical controls in place to meet the confidentiality, integrity, and availability (CIA) principles of information security.
 
Click here to access the RingCentral ISO 27001 certificate.
ISO 27017
ISO 27017
RingCentral is ISO/IEC 27017 certified, an internationally recognized code of practice that aligns with and complements the ISO/IEC 27002:2013 with an emphasis on cloud-specific information security controls.
 
Our ISO/IEC 27017 certification demonstrates that RingCentral extends our disciplined information security management system (ISMS) to the operation of our cloud services. This certification illustrates that our system of security management activities and our technical measures include controls that are specific to the operation of cloud services.
 
The International Accreditation Forum (IAF) no longer permits the issuance of individual certification to ISO/IEC 27017:2015 and ISO/IEC 27018:2019. Click here to view RingCentral’s ISO/IEC 27001:2013 certification, which extends to the additional requirements described within both ISO/IEC 27017:2015 and ISO/IEC 27018:2019.
ISO 27018
ISO 27018
RingCentral is ISO/IEC 27018 certified, an internationally recognized code of practice for protecting personal data (PII) in the cloud.
 
Our ISO/IEC 27018 certification demonstrates RingCentral’s commitment to the privacy of our customers’ data. It extends our information security management system (ISMS) to our role as a cloud service provider (CSP) acting as a processor for our customers’ personally identifiable information (PII), with specific consideration given to implementing controls for protecting PII.
 
The International Accreditation Forum (IAF) no longer permits the issuance of individual certification to ISO/IEC 27017:2015 and ISO/IEC 27018:2019. Click here to view RingCentral’s ISO/IEC 27001:2013 certification, which extends to the additional requirements described within both ISO/IEC 27017:2015 and ISO/IEC 27018:2019.
SOC 2 Type II
SOC 2 Type II
The SOC 2 report validates the effectiveness of our operating controls as a service organization against the criteria set forth by the American Institute of Certified Public Accountants (AICPA) Trust Services Principles. RingCentral annually undergoes a third-party audit to certify our services against this standard. A copy of the most recent report is available upon request from your Account Manager or Sales Representative.
SOC 3
SOC 3
Unlike a SOC 2 report, a SOC 3 report can be freely distributed to the public for general use. RingCentral has undergone a third-party audit to certify our services against this standard. RingCentral has following SOC3 reports available for its products and services:
RC Office
RingCentral Video
Engage Voice
Engage Digital
HIPAA
HIPAA compliance
The government does not offer a HIPAA certification for business entities. In order to meet the HIPAA security requirements as they apply to our service and operations, RingCentral has implemented the HIPAA security safeguards. We annually undergo a third-party SOC 2+ audit, which includes an assessment of controls mapped to the HIPAA Security Rule requirements, that demonstrates the implementation of the security safeguards and requirements outlined in the HIPAA Security Rule. A copy of the most recent report is available upon request from your Account Manager or Sales Representative.
HITRUST
HITRUST
RingCentral Office and the RingCentral app have earned Certified status for information security by HITRUST. HITRUST CSF Certified status indicates that these RingCentral apps have met industry-defined security requirements and are appropriately managing risk. RingCentral joins an elite group of global organizations that have earned this certification. By including federal and state regulations, standards and frameworks, and incorporating a risk-based approach, the HITRUST CSF helps organizations address cyber security challenges through a comprehensive framework of prescriptive and scalable security controls. HITRUST CSF Certification sets the highest standard for compliance of security requirements and has become the benchmark which organizations apply to safeguard ePHI data. Click here to access RingCentral’s HITRUST certifications.
McAfee
McAfee Enterprise-Ready™  Cloud Services (previously known as SkyHigh Enterprise-Ready)
RingCentral Office has earned the McAfee CloudTrust™  Program seal of Enterprise-Ready. This status is provided to cloud services that fully satisfy the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection.
“RingCentral's security policy and technology have been vetted by its largest carrier partners—AT&T, BT and TELUS—all of which are very security-minded.”
IDC, January 2016

Enterprise-grade protection

When it comes to cloud security and protection of your data and communications, we consistently earn high ratings from leading industry analysts. Read more about what they have to say about our secure cloud services.

Free Trial
Close X