Technical Security Architecture

This guide is for security and compliance experts. You can use the information in this guide to understand how NICE CXone protects your data.

NICE CXone has state-of-the-art security in place to protect your data. The Technical Security Architecture (TSA) guide details how NICE CXone secures your information and the applications that are part of the NICE CXone suite. A technical overview of the material in this guide can be found on the general platform and data protections page.

The TSA guide has two main sections. One section addresses how NICE CXone secures information. The other section covers the layers of security that NICE CXone has in place.

Securing Information

NICE CXone secures information at every step in the information life cycle, from creation to deletion. To do this, CXone classifies, processes, stores, and encrypts information according to regulatory requirements. The securing information section of the TSA covers the following:

  1. Connectivity Data Flows. This section shows how data flows between users, organizations, and the NICE CXone suite.

  2. Classifying Information. This page shows how information is classified in compliance with regulations.

  3. Data Encryption. This page shows general and specific encryption guidelines used to protect your data.

  4. Information Life Cycle. This page shows the information life cycle, from the creation of data to its deletion.

  5. Data Processing and Storage. This section shows how data is processed and stored in the NICE CXone suite.

Security Layers

There are several security layers that work together to protect your data and the CXone platform. These layers include:

  1. Physical Security. The physical security section contains the following:

  2. Compute and Storage Practices. The compute and storage practices page contains the following:

    • Information on the NICE CXone System Development Life Cycle.

    • Storage and infrastructure encryption.

  3. Network Security. The network security section details the following:

  4. Monitoring and Management. The monitoring and management section details the following:

  5. Compliance. The compliance section details the following:

    • General Data Protection Regulation (GDPR). The GDPR is a set of regulations in the European Union (EU). The purpose of the GDPR is to give end users in the EU greater data protection and privacy.

    • HIPAA. HIPAA (Health Insurance Portability and Accountability Act) is a law in the United States. The purpose of HIPAA is to protect sensitive patient health information from being disclosed.

    • Payment Card Industry (PCI). PCI is a global information security standard. The purpose of PCI is to protect end users' credit card information.

    • FedRAMP. FedRAMP is a government-wide program in the United States. The purpose of FedRAMP is to protect federal information, specifically in cloud services.

    • Service Organization Controls 2 (SOC 2). SOC 2 is a voluntary compliance standard developed by the American Institute of CPAs (AICPA). The purpose of SOC 2 is to protect end-user data.

  6. Application Design. The application design section details the following: