Call Center Security & Privacy Management Software | Five9
Regional Privacy Compliance
The Five9 Intelligent Cloud Contact Center service also offers various features required for our customers which support compliance with regional privacy regulations including, but not limited to, CCPA/CPRA in California and PIPEDA in Canada. Five9 policies, procedures, and our product features support requirements associated with information security, breach management, content management, data visibility, individual data rights management, data residency, and records management.
Five9 partners with customers to understand a customer’s regional privacy requirements and delivers solutions that comply with regional regulations.
Ongoing Security and Privacy Training
Five9 provides ongoing information security, regulatory compliance, and privacy training to all workforce members to ensure a common understanding of applicable data protection laws and regulations, as well as how to detect and report security issues to executive management. Ongoing training is designed to promote a culture of compliance and reinforces the concept of data protection accountability at all levels of the company.
How We Keep Your Data Secure
Cloud Security & Data Protection
Five9 secures our cloud infrastructure by utilizing the standards and best practices established by ISO 27001/27002, COBIT, PCI DSS, NIST, and Cloud Security Alliance (CSA).
Secure Data Centers
Our data centers are regularly audited under AICPA AT 101 or SSAE 18 standards demonstrating robust data protection controls such as two-factor building access (badge and biometrics), 24/7 on-site security, video monitoring, and more. We also use process safeguards to ensure that employee access is controlled appropriately.
Security Patch Management
We update our systems based on our patch management policy and internal operating level agreements to ensure all systems have the very latest critical security and anti-virus patches.
Intrusion Detection and Prevention/Vulnerability Management
Our real-time intrusion detection and prevention vulnerability detection systems run around the clock to immediately identify and respond to any threats.
The Five9 Virtual Contact Center (VCC) is designed with security features that protect our customers‘ data in transit and at rest, and prevent unauthorized access to our customers‘ instances of the solution.
User passwords are hashed, and password policies can be configured to include requirements for complexity, expiration periods, password history, and user lockouts based on our customers‘ security policies. User access can also be limited to whitelisted IP addresses.
Data at Rest
Interactive Voice Response (IVR) features can be configured to require encryption and configured to not store sensitive data fields in logs or in the database. Additionally, customer data is partitioned within our multi-tenant infrastructure so that it cannot be viewed by another customer.
Data in Transit
All voice and data transmissions between Five9 and your network can be secured using protocols such as HTTPS, Secure FTP(sFTP), and Secure RTP(sRTP) and a site to site VPN.
In addition to the above security measures, Five9 provides capabilities that help our customers ensure continuity during natural disasters or other unforeseen events that can potentially disrupt operations of an entire region. Customers can opt for geographic redundancy, ensuring that their operations transition between our geographically-distributed data center within minutes after an event. Five9 also backs up customer data to another facility to ensure against data loss in the event of a natural disaster at our primary data center.
Community of Cloud Security Experts
The Five9 Cloud Security Office is helping our industry drive towards more effective safeguards against data breaches and loss. Team members possess advanced degrees in computer science and related fields and receive continuing education and training on emerging threats and defenses. Our security, compliance, and privacy teams hold certifications from ISACA, (ISC)2, the Cloud Security Alliance, and the SANS Institute.