Step 6
Accept no compromise on security, business continuity, and compliance
Protecting customer data - as well as your own - is vital to your reputation and ongoing success. Don’t settle for a new contact centre solution that doesn’t maintain or enhance system security.
That’s where tools like 8x8 Secure Pay can enable your contact centre to simply and securely handle payment authorisations as required to meet PCI DSS compliance.
When it comes to system reliability, high availability is essential. With a platform-wide 99.999% SLA covering both UC and CC, 8x8 provides the reliability, security, and scalability required to support mission critical communications for world-class organisations.
You may also need to consider how your call/screen recording and storage adheres to regulatory requirements. Enjoy peace of mind, knowing all recordings are encrypted.
8x8 has documented its minimum security standards and provides initial and ongoing OWASP principles training to ensure staff practice secure coding. The 8x8 SDLC includes multiple stages of review to ensure this is carried out, including architectural reviews, engineering peer reviews, automated tools, and reviews by security staff. The internal security team continuously operates black and white box penetration testing, and external penetration testing firms are also brought in on a regular basis. 8x8 utilises a bug bounty responsible disclosure process and works with security researchers from around the globe.
Security review and testing occur before entering production. Any security issues found pre-production are remedied. Additional testing is run against production systems (to cover systems that may be unchanged for longer periods of time, where vulnerabilities are found by new tests being added to penetration tools). 8x8 also applies vendor-recommended patches in its standard maintenance cycles.
8x8 invites independent third-parties and federal auditors to verify and attest to 8x8’s security processes and status, evidenced by a range of achievements.
FCC Consumer Proprietary Network Information (CPNI) compliance
Health Insurance Portability and Accountability Act (HIPAA) compatibility
National Institute of Standards and Technology—NIST 800-53 R5
Federal Information Security Management Act (FISMA) compatibility
Standard Contractual Clauses (SCC) for data transfers between EU and non-EU countries
ISO 27001:2013, ISO 9001:2015, and ISO 14001:2015 certified
Certified PCI-DSS 3.2.1 SAQ-D Solution Provider
Data-in-motion encryption with Session Initiation Protocol (SIP) over Transport Layer Security (TLS) and Secure Real-time Transport Protocol (SRTP)
One of the first cloud computing companies to comply with GDPR
UK Government G-Cloud Supplier
UK Government Cyber Plus certificate of assurance
HITRUST Certification
SOC 2 Type 2 Certification
CSA Cyber Trust mark (Advocate Level) certified