NiCE TRUST CENTER

Stringent security requirements have evolved in the cloud services space. Within CCaaS, some industry standard requirements must also be followed to protect customer data, including PCI-DSS, ISO 27001, SOC 2+HITRUST, IRAP, and FedRAMP. Privacy standards such as PCI compliance, HIPAA compliance, and GDPR compliance. 

NiCE operates a 24/7 Cybersecurity Operations Center (CSOC) that monitors for threats using SIEM tools. In the event of a "Security Incident," NiCE follows a comprehensive Information Security Incident Response Plan (ISIRP), notifying affected clients and providing details on the nature of the impact and remediation steps taken. 

We take a proactive approach to security through continuous vulnerability assessment and management. This includes real-time anti-virus monitoring, automated scanning in the deployment pipeline, regular vulnerability scans, and regular internal reviews to identify, prioritize, and remediate risks.

Data protection is managed through industry-standard encryption (AES and TLS) for data both at rest and in transit. NiCE enforces RBAC, "Need to Know," and "Least Privilege" principles. Internal access requires unique credentials, strong password policies (complexity, rotation, timeouts), and mandatory MFA for internal NiCE users. Customers can also enable MFA. Provisioning requires managerial approval via change control. Finally, quarterly reviews and automated scripts disable inactive accounts to ensure only authorized personnel retain access. 

Our Business Continuity service is a built-in feature of NiCE’s platform that ensures continued operations during outages or system failures. It provides geo-diverse processing centers in two availability zones and is active-active. It provides the optional configuration to use a secondary, geographically separate environment—called a Business Continuity Tenant—maintained in a warm-standby state, ready to take over if the Primary Tenant becomes unavailable.  It can be activated within minutes, minimizing downtime and service disruption.    

NiCE ensures agentic AI can safely execute complex functions while maintaining compliance with proper guardrails, role permissions and human oversight. Our agentic AI is built with enterprise-grade security and governance such as audit trails and logging, configurable approval workflows, and integrations with identity and access management systems.  

NiCE operates under a comprehensive AI governance framework designed to deliver trustworthy AI through responsible AI practices. This framework ensures that all initiatives are strategically aligned with AI ethics and transparency. This approach integrates robust AI risk management and AI safety practices, including bias assessments and aggregate testing. NiCE enforces strict governance of AI models throughout their entire lifecycle. This proactive oversight ensures that our technologies remain secure, fair, and reliable for all users.