RingCentral Data Security
RingCentral provides robust security measures to ensure a secure and reliable phone service to your business operation. As a cloud service provider, RingCentral offers several layers of built-in security. These include the physical, infrastructure, host, data, application, and business processes, as well as the enterprise level of your organization.
Customer account security is a shared responsibility between RingCentral and customers. Security is implemented via policies and governance practices (people), within the service development and operations processes (process), and the application and infrastructure layers (technology).
Click here for more information.
• Transmission security
To prevent interception of your communications, RingCentral provides Transport Layer Security (TLS) and Secure Real-Time Transport Protocol (SRTP) encryption between all endpoints.
• Infrastructure security
RingCentral offers the following infrastructure safeguards:
• Network and applications: firewalls and session border controllers
• Administrative functions: multiple authentication levels
• Technology: intrusion-detection systems and fraud analytics
• Operational functions: monitoring, system hardening, and vulnerability scans
• Payment processing: full PCI DSS 3.1 compliance
• Physical and environmental security
The RingCentral platform is deployed across SSAE 16 and ISO 27001-audited data centers, protected by the most robust electronic prevention systems, on-site engineering specialists, and security guards. The geographic diversity of our locations also minimizes the risk of data loss and service interruption due to catastrophe.
• Proactive fraud mitigation
RingCentral prevents toll fraud through access control, detection controls, and usage throttling, and gives you granular control over who gets to make international calls and to where. RingCentral’s security department performs active monitoring to detect and notify customers of anomalous calling patterns on their account.
• FINRA security controls
FINRA’s mission is to protect investors by making sure the United States securities industry operates fairly and honestly. RingCentral has received compliance in security controls for cloud providers established by FINRA to protect all data and information of our customers who are using RingCentral Office and the RingCentral App (Glip).
We regularly undergo independent verification of our security controls to protect our customers’ data and communications and to meet regulatory and compliance needs.
• SOC 2 Type 2 (SOC 2+)
The SOC 2 report validates the effectiveness of our operating controls as a service organization against the criteria set forth by the American Institute of Certified Public Accountants (AICPA) Trust Services Principles. RingCentral annually undergoes a third-party audit to certify our services against this standard. A copy of the most recent report is available upon request from your Account Manager or Sales Representative.
• SOC 3
Unlike a SOC 2 report, a SOC 3 report can be freely distributed to the public for general use. RingCentral has undergone a third-party audit to certify our services against this standard.
• HIPAA Compliance
The government does not offer a HIPAA certification for business entities. In order to meet the HIPAA security requirements as they apply to our service and operations, RingCentral has implemented the HIPAA security safeguards. We annually undergo a third-party SOC 2+ audit, which includes an assessment of controls mapped to the HIPAA Security Rule requirements, that demonstrates the implementation of the security safeguards and requirements outlined in the HIPAA Security Rule. A copy of the most recent report is available upon request from your Account Manager or Sales Representative.
Check the following for more information.
HIPAA - Overview
Message Storage and Account Data Retention
RingCentral App (Glip) - HIPAA Setting
RingCentral Office and the RingCentral App (Glip) have earned Certified status for information security by HITRUST. HITRUST CSF Certified status indicates that these RingCentral applications have met industry-defined security requirements and are appropriately managing risk. RingCentral is part of an elite group of global organizations that have earned this certification. HITRUST CSF helps organizations address cybersecurity challenges through a comprehensive framework and scalable security controls by including federal and state regulations, standards, and frameworks. HITRUST CSF Certification sets the highest standard for compliance of security requirements and has become the benchmark which organizations apply to safeguard ePHI data.
• Skyhigh Enterprise-Ready (McAfee Enterprise-Ready)
RingCentral Office has earned the Skyhigh’s CloudTrust rating of Enterprise-Ready, the highest rating possible from Skyhigh. Skyhigh provides this status to cloud services that fully satisfy the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection.