RingCentral Compliance Site

Staying compliant together

RingCentral maintains a comprehensive set of compliance certifications and attestations to protect our customers’ data and communications.
Sort by
31 case studies match selected filters
See results
Region
Types
Upcoming region

Existing certifications and documentation

If you have additional questions, please reach out to your RingCentral account manager or sales rep to chat about your business goals. 
RingCentral Office

ISO 27001 Certificate

The ISO/IEC 27001 standard is widely known, providing requirements for an information security management system (ISMS). ISO 27001 certification demonstrates a robust security program, with rigorous management activity and technical controls in place to meet the confidentiality, integrity, and availability (CIA) principles of information security. RingCentral’s ISO/IEC 27001:2013 certification also extends to the additional requirements described within both ISO/IEC 27017:2015 and ISO/IEC 27018:2019.
RingCentral Office

ISO 27017 Certificate

ISO/IEC 27017 gives guidelines for information security controls applicable to the provision and use of cloud services by providing additional implementation guidance for relevant controls specified in ISO/IEC 27002 and additional controls with implementation guidance that specifically relate to cloud services. This international standard provides controls and implementation guidance for both cloud service providers and cloud service customers.
RingCentral Office

ISO 27018 Certificate

ISO/IEC 27018 establishes commonly accepted control objectives, controls, and guidelines for implementing measures to protect personally identifiable information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment. In particular, it takes into consideration the regulatory requirements for the protection of PII, which might be applicable within the context of the information security risk environment(s) of a provider of public cloud services. It is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations, which provide information processing services as PII processors via cloud computing under contract to other organizations.
RingCentral Office

SOC 2+ FINRA CSR, HIPAA Report

The SOC 2 report validates the effectiveness of operating controls as a service organization against the criteria set forth by the American Institute of Certified Public Accountants (AICPA) Trust Services Principles. RingCentral annually undergoes a third-party audit to certify our services against this standard. The reports cover controls around availability, security, and confidentiality of customer data. Additional information can be found at https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc2report.html

RingCentral Office

SOC 3 Report

The SOC 3 report provides assurance about the controls at a service organization relevant to security, availability and confidentiality, but do not have the need for or the knowledge necessary to make effective use of a SOC 2 report. Additional information can be found at https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc3report.html

RingCentral Office

C5 English Version

This is the English version of the C5 attestation report. The attested report demonstrates RingCentral’s compliance with the C5 framework and standard. The German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, or BSI) created the Cloud Computing Compliance Controls Catalog (C5). C5 is an audited standard that establishes a mandatory minimum baseline for cloud security and the adoption of public cloud solutions by German government agencies and organizations that work with government. More information can be found at https://www.bsi.bund.de/EN/Topics/CloudComputing/Compliance_Controls_Catalogue/Compliance_Controls_Catalogue_node.html

RingCentral Office

C5 German Version

This is the German version of the C5 attestation report. The attested report demonstrates RingCentral’s compliance with the C5 framework and standard. The German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, or BSI) created the Cloud Computing Compliance Controls Catalog (C5). C5 is an audited standard that establishes a mandatory minimum baseline for cloud security and the adoption of public cloud solutions by German government agencies and organizations that work with government. More information can be found at https://www.bsi.bund.de/EN/Topics/CloudComputing/Compliance_Controls_Catalogue/Compliance_Controls_Catalogue_node.html

RingCentral Office

RingCentral HITRUST Certificate

A HITRUST CSF Certified status indicates that the inscope apps have met industry-defined security requirements and are appropriately managing risk. By including federal and state regulations, standards, and frameworks, and incorporating a risk-based approach, the HITRUST CSF helps organizations address cybersecurity challenges through a comprehensive framework of prescriptive and scalable security controls. HITRUST CSF Certification sets the highest standard for compliance of security requirements and has become the benchmark that organizations apply to safeguard ePHI data. Additional information can be found at https://hitrustalliance.net

RingCentral Inc.

PCI Certificate US (as a merchant)

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard designed to ensure that companies processing, storing, or transmitting payment card information maintain a secure environment. RingCentral as a merchant is PCI DSS compliant meaning it is consistently adhering to a set of guidelines set forth by the PCI Standards Council when processing customer credit card data. Additional information can be found at https://www.pcisecuritystandards.org/

RingCentral Inc.

PCI Certificate UK (as a merchant)

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard designed to ensure that companies processing, storing, or transmitting payment card information maintain a secure environment. RingCentral as a merchant is PCI DSS compliant meaning it is consistently adhering to a set of guidelines set forth by the PCI Standards Council when processing customer credit card data. Additional information can be found at https://www.pcisecuritystandards.org/

RingCentral Office

Consensus Assessment Initiative Questionnaire (CAIQ) v3.1

The Consensus Assessments Initiative Questionnaire (CAIQ) v3.1. offers an industry-accepted way to document what security controls exist in IaaS, PaaS, and SaaS services, providing security control transparency. It provides a set of yes/no questions that a cloud consumer and cloud auditor may wish to ask of a cloud provider to ascertain their compliance to the Cloud Controls Matrix (CCM). More informition could be found at https://cloudsecurityalliance.org/artifacts/consensus-assessments-initiative-questionnaire-v3-1/

RingCentral UK/EU Service offering

RingCentral Cyber Essentials Plus Certificate

Cyber Essentials Plus is a UK government-backed, industry-supported certification scheme introduced in the UK to help organizations demonstrate operational security against common cyberattacks.

RingCentral Contact Center

NICE inContact SOC 2 Type 2 Report

The SOC 2 report validates the effectiveness of operating controls as a service organization against the criteria set forth by the American Institute of Certified Public Accountants (AICPA) Trust Services Principles. Additional information can be found at https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc2report.html Additional information can be found https://hitrustalliance.net

Engage Voice

Engage Voice PCI Certificate

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard designed to ensure that companies processing, storing, or transmitting payment card information maintain a secure environment. The PCI DSS applies to credit cards from the major card brands, including Visa, MasterCard, American Express, Discover, and JCB. A third-party PCI Qualified Security Assessor (QSA) assesses company systems and processes on an annual basis and issues an Attestation of Compliance (AOC).

Engage Voice

Engage Voice PCI AoC

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard designed to ensure that companies processing, storing, or transmitting payment card information maintain a secure environment. The PCI DSS applies to credit cards from the major card brands, including Visa, MasterCard, American Express, Discover, and JCB. A third-party PCI Qualified Security Assessor (QSA) assesses company systems and processes on an annual basis and issues an Attestation of Compliance (AOC).

RingCentral Contact Center

RingCentral Contact Center EU - PCI Level 1 Certificate

The documents are applicable to the Contact Center service, the interconnect for media (owned and managed by RingCentral), and RingCentral’s unified client for the EU region. Please note: InContact’s PCI AOC for the EU and for North America are applicable if the customer is using the max-integrated softphone, where no media connects back to RingCentral.

RingCentral Contact Center

RingCentral Contact Center EU – AoC PCI Level 1

The documents are applicable to the Contact Center service, the interconnect for media (owned and managed by RingCentral), and RingCentral’s unified client for the EU region. Please note: InContact’s PCI AOC for the EU and for North America are applicable if the customer is using the max-integrated softphone, where no media connects back to RingCentral.

RingCentral Contact Center

RingCentral Contact Center EU - Matrix of Responsibility PCI Level 1

The documents are applicable to the Contact Center service, the interconnect for media (owned and managed by RingCentral), and RingCentral’s unified client for the EU region. Please note: InContact’s PCI AOC for the EU and for North America are applicable if the customer is using the max-integrated softphone, where no media connects back to RingCentral.

RingCentral Contact Center

NICE inContact PCI Responsibility Guide

The Payment Card Industry Data Security Standards (PCI DSS) is a proprietary information security standard designed to ensure that companies processing, storing or transmitting payment card information maintain a secure environment. The PCI DSS applies to credit cards from the major card brands, including Visa, MasterCard, American Express, Discover, and JCB. A third-party PCI Qualified Security Assessor (QSA) assesses company systems and processes on an annual basis and issues an Attestation of Compliance (AOC).

RingCentral Contact Center

NICE inContact (CXone Voice AMER) - PCI DSS - AOC

The Payment Card Industry Data Security Standards (PCI DSS) is a proprietary information security standard designed to ensure that companies processing, storing or transmitting payment card information maintain a secure environment. The PCI DSS applies to credit cards from the major card brands, including Visa, MasterCard, American Express, Discover, and JCB. A third-party PCI Qualified Security Assessor (QSA) assesses company systems and processes on an annual basis and issues an Attestation of Compliance (AOC).

RingCentral Contact Center

NICE inContact (CXone Voice APAC) - PCI DSS - AOC

The Payment Card Industry Data Security Standards (PCI DSS) is a proprietary information security standard designed to ensure that companies processing, storing or transmitting payment card information maintain a secure environment. The PCI DSS applies to credit cards from the major card brands, including Visa, MasterCard, American Express, Discover, and JCB. A third-party PCI Qualified Security Assessor (QSA) assesses company systems and processes on an annual basis and issues an Attestation of Compliance (AOC).

RingCentral Contact Center

NICE inContact (CXone Voice EMEA) - PCI DSS - AOC

The Payment Card Industry Data Security Standards (PCI DSS) is a proprietary information security standard designed to ensure that companies processing, storing or transmitting payment card information maintain a secure environment. The PCI DSS applies to credit cards from the major card brands, including Visa, MasterCard, American Express, Discover, and JCB. A third-party PCI Qualified Security Assessor (QSA) assesses company systems and processes on an annual basis and issues an Attestation of Compliance (AOC).

Engage product (ED+EV)

SOC 2+ FINRA CSR, HIPAA Report

The SOC 2 report validates the effectiveness of operating controls as a service organization against the criteria set forth by the American Institute of Certified Public Accountants (AICPA) Trust Services Principles. RingCentral annually undergoes a third-party audit to certify our services against this standard. The reports cover controls around availability, security, and confidentiality of customer data. Additional information can be found at https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc2report.html

Engage product (ED+EV)

SOC 3 Report

The SOC 3 report provide assurance about the controls at a service organization relevant to security, availability, and confidentiality, but do not have the need for or the knowledge necessary to make effective use of a SOC 2 report. Additional information can be found at https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc3report.html

Equinix Data Center

Americas ISO 27001 Certificate

The International Organization for Standardization 27001 Standard (ISO 27001) is an information security standard that ensures office sites, development centers, support centers, and data centers are securely managed. These certifications run for three years (renewal audits) and have annual touchpoint audits (surveillance audits).

Equinix Data Center

EMEA ISO 27001 Certificate

The International Organization for Standardization 27001 Standard (ISO 27001) is an information security standard that ensures office sites, development centers, support centers, and data centers are securely managed. These certifications run for three years (renewal audits) and have annual touchpoint audits (surveillance audits).

Equinix Data Center

Americas SOC 2 Type 2 report

The SOC 2 report validates the effectiveness of operating controls as a service organization against the criteria set forth by the American Institute of Certified Public Accountants (AICPA) Trust Services Principles. RingCentral annually undergoes a third-party audit to certify our services against this standard. The reports cover controls around availability, security, and confidentiality of customer data. Additional information can be found at https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc2report.html

Equinix Data Center

EMEA SOC 2 Type 2 report

The SOC 2 report validates the effectiveness of operating controls as a service organization against the criteria set forth by the American Institute of Certified Public Accountants (AICPA) Trust Services Principles. RingCentral annually undergoes a third-party audit to certify our services against this standard. The reports cover controls around availability, security, and confidentiality of customer data. Additional information can be found at https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc2report.html

Sorry! There are no results based on filtered selections. Clear filters or try again.
Your safety and security is our top priority