General Platform and Data Protections
CXone Mpower is intelligently designed to be both secure and accessible. This page describes the general protections that NICE has in place to safeguard the CXone Mpower platform and your data.
Your data is protected by:
- Redundant databases using real-time replication
- High-performance hardware storage systems
- Encryption of data at rest
- HTTPS
- Secure File Transfer Protocol (SFTP)
- Secure Data Transfer
Computer and Data Networks
The CXone Mpower computer and data networks are secure, redundant, and scalable. Amazon Web Services (AWS), a digital cloud provider, provides multiple zones for failover. Amazon cites 99.999999999% durability or protection against data loss. CXone Mpower leverages two availability zones. Availability zones are locations within an AWS region. They are engineered to be isolated from failures in other zones. Leveraging two availability zones ensures 99.99% availability of the CXone Mpower suite. CXone Mpower also has storage API servers in each AWS and CXone Mpower availability zone to ensure additional redundancy. Each API server is able to process the entire load in case of failover.
Data Processing Centers
NICE data processing centers for CXone Mpower are located in different geographical areas, allowing you to have a global reach. CXone Mpower has data centers in the following locations.
- EMEA: Europe, South Africa, UK, UAE
- APAC: Asia, Singapore, Japan, India, Australia, New Zealand
- CALA/LATAM: Caribbean/Latin America, Brazil
- NORTH AMERICA: Canada, US
CXone Mpower data processing centers are designed with technology that provides protection against natural and man-made disasters. NICE maintains a Resiliency Event Management Plan (DR/BC) and an Incident Management Plan for CXone Mpower. These plans rely on many available and redundant services, systems, and hardware to protect your data.
Cloud Applications
CXone Mpower cloud applications are developed with secure coding management and practices using multiple tools, including:
- Microsoft Team Foundation Server (TFS)
- GitHub
- Jenkins
- Multiple AWS tools
Monitoring
- All systems are monitored at multiple levels, including:
  - Logical
  - Functional
  - Environmental
- The NICE CXone Mpower Network Operations Center (NOC) monitors hardware and application status 24 x 7 x 365.
- System logs are monitored through Security Information and Event Monitoring (SIEM) applications.
- CXone Mpower is monitored by third-party vulnerability and penetration tests, and methodologies.
- CXone Mpower uses industry-leading intrusion detection and protection technologies. These technologies are employed through CXone Mpower routers, firewalls, and switches.
- NICE services for CXone Mpower sit behind layers of protection practices. The network is managed and monitored at all times. The CXone Mpower infrastructure monitors the following with visual, audible, and email alerts:
  - The physical environment
  - Hardware
  - Network
  - Applications
- Trained network analysts can identify, correct, and escalate issues that impact CXone Mpower services. They employ Microsoft Dynamics (MSD) for digital forensics. These analysts fall under the Information Security Group. The Information Security Group has a separate administrative line from the NOC to ensure redundancy.
Compliance
CXone Mpower has the following security and compliance infrastructures and industry standard practices in place:
- SOC Type 2 (AICPA) audited data centers
- PCI DSS Level 1 and 2 compliance
- HITRUST (HIPAA) within a SOC 2 Type 2
- GDPR Type 1 Third-Party Assessment, and a GDPR statement (position paper, compliant through DPA)
  - Article 15: verification
  - Article 16: rectification
  - Article 17: erasure
  - Article 18: restriction
  - Article 19: portability
- ISO 27001
- Sarbanes Oxley (SOC) 404 Report
- SIG (Standard Information Gathering)
- Core self-assessment and CSA CAIQ (Consensus Assessments Initiative Questionnaire v3.0.1)
- FedRAMP (within a discrete, isolated platform environment)
- Red Flag Rule compliance
- Change control policies and management
- Regular and timely security patch management
- Disaster recovery/business continuity (resiliency event management) planning
- Regular security awareness and policy training