03/21/19 20:41 PM  

Data Security | RingCentral

« Go Back


SummaryThis article provides information about RingCentral's Data Security.

RingCentral Data Security

RingCentral provides robust security measures to ensure a secure and reliable phone service to your business operation. As a cloud service provider, RingCentral offers several layers of built-in security. These include the physical, infrastructure, host, data, application, and business processes, as well as the enterprise level of your organization.

Customer account security is a shared responsibility between RingCentral and customers. Security is implemented via policies and governance practices (people), within the service development and operations processes (process), and the application and infrastructure layers (technology).

Click here for more information.

• Transmission security

To prevent interception of your communications, RingCentral provides Transport Layer Security (TLS) and Secure Real-Time Transport Protocol (SRTP) encryption between all endpoints.

Infrastructure security

RingCentral offers the following infrastructure safeguards:

• Network and applications: firewalls and session border controllers

• Administrative functions: multiple authentication levels

• Technology: intrusion-detection systems and fraud analytics

• Operational functions: monitoring, system hardening, and vulnerability scans

• Payment processing: full PCI DSS 3.1 compliance

Physical and environmental security

The RingCentral platform is deployed across SSAE 16 and ISO 27001-audited data centers, protected by the most robust electronic prevention systems, on-site engineering specialists, and security guards. The geographic diversity of our locations also minimizes the risk of data loss and service interruption due to catastrophe.

Proactive fraud mitigation

RingCentral prevents toll fraud through access control, detection controls, and usage throttling, and gives you granular control over who gets to make international calls and to where. RingCentral’s security department performs active monitoring to detect and notify customers of anomalous calling patterns on their account.

FINRA security controls

FINRA’s mission is to protect investors by making sure the United States securities industry operates fairly and honestly. RingCentral has received compliance in security controls for cloud providers established by FINRA to protect all data and information of our customers who are using RingCentral Office and the RingCentral App (Glip).


We regularly undergo independent verification of our security controls to protect our customers’ data and communications and to meet regulatory and compliance needs.

SOC 2 Type 2 (SOC 2+)

The SOC 2 report validates the effectiveness of our operating controls as a service organization against the criteria set forth by the American Institute of Certified Public Accountants (AICPA) Trust Services Principles. RingCentral annually undergoes a third-party audit to certify our services against this standard. A copy of the most recent report is available upon request from your Account Manager or Sales Representative.


Unlike a SOC 2 report, a SOC 3 report can be freely distributed to the public for general use. RingCentral has undergone a third-party audit to certify our services against this standard.

HIPAA Compliance

The government does not offer a HIPAA certification for business entities. In order to meet the HIPAA security requirements as they apply to our service and operations, RingCentral has implemented the HIPAA security safeguards. We annually undergo a third-party SOC 2+ audit, which includes an assessment of controls mapped to the HIPAA Security Rule requirements, that demonstrates the implementation of the security safeguards and requirements outlined in the HIPAA Security Rule. A copy of the most recent report is available upon request from your Account Manager or Sales Representative.

Check the following for more information.

HIPAA - Overview
Message Storage and Account Data Retention
RingCentral App (Glip) - HIPAA Setting


RingCentral Office and the RingCentral App (Glip) have earned Certified status for information security by HITRUST. HITRUST CSF Certified status indicates that these RingCentral applications have met industry-defined security requirements and are appropriately managing risk. RingCentral is part of an elite group of global organizations that have earned this certification. HITRUST CSF helps organizations address cybersecurity challenges through a comprehensive framework and scalable security controls by including federal and state regulations, standards, and frameworks. HITRUST CSF Certification sets the highest standard for compliance of security requirements and has become the benchmark which organizations apply to safeguard ePHI data.

Skyhigh Enterprise-Ready (McAfee Enterprise-Ready)

RingCentral Office has earned the Skyhigh’s CloudTrust rating of Enterprise-Ready, the highest rating possible from Skyhigh. Skyhigh provides this status to cloud services that fully satisfy the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection.

Was this information helpful?

Tell us why and what can we do to improve this information