Supported security standards
Genesys Cloud supports various industry standard security practices and operational controls. It is certified to meet the requirements of several industry-specific standards listed below.
| Industry Standards / Certifications | Genesys Cloud Support | Region | Description |
|---|---|---|---|
Global | Payment Card Industry Data Security Standards. PCI DSS is the globally recognized standard for security policies, technologies, and ongoing processes that protect payment systems from breaches and theft of cardholder data. | ||
Yes | Global | SOC 1 Type 2 is an independent report on management’s description of the Genesys Cloud CX platform and on the suitability of the design and operating effectiveness of controls in accordance with SSAE 18. SOC 1 reports are primarily concerned with controls that are relevant for the financial reporting of customers. | |
Yes | Global | SOC 2 Type 2 is an independent report on the description of the Genesys Cloud CX platform and on the suitability of the design and operating effectiveness of its controls relevant to security, availability, and integrity, pursuant to SOC 2 Type 2 examination under ISAE 3000. | |
Yes | Global ** | ISO 27001:2022 is a globally recognized standard for an information security management system (ISMS). Achieving the certification demonstrates the application of the ISMS principles, as well as the application of ISO 27002:2013 controls to secure and protect organizational data within the scope of the certification. | |
Yes | Global ** | ISO 27017:2015 extends the security controls of ISO 27002:2013 to cloud environments. For Genesys Cloud CX, it’s achieved in conjunction with ISO 27001, which involves external verification that the controls are managed, sustained, and applied appropriately. | |
Yes | Global ** | SO 27018:2019 is the globally recognized certification extension to ISO 27001:2013 for cloud privacy. Achieving the extension certification demonstrates the application of ISO 27002:2013 controls to secure Personally Identifiable Information (PII)/ privacy data in the cloud. | |
Yes | Global * | CAIQ is an industry-accepted way to document what security controls exist in our SaaS solutions, providing security control transparency through compliance with the Cloud Controls Matrix. | |
Yes | EMEA | The cloud computing compliance criteria catalogue (C5) defines a baseline security level for cloud computing. It’s used by professional cloud service providers, auditors, and cloud customers. | |
Americas | Compliance with the Health Insurance Portability & Accountability Act (HIPAA) demonstrates assurance through effectiveness of security controls that health information is secured and protected. | ||
Yes | Americas ** | Health Information Trust Alliance (HITRUST) assures internal and external stakeholders of the current state of information security and compliance, with Genesys Cloud CX providing greater assurance through the attainment of the externally validated “gold standard” two-year assessment. |
Notes:
- * Roadmap for US-East-2 (FedRAMP region)
- ** Not available in US-East-2 (FedRAMP region)
[NEXT] Was this article helpful?
Get user feedback about articles.