We know how important data security is to you – it’s important to us as well. That’s why CallMiner is constantly striving towards delivering the highest level of data security and protection possible within our cloud environment.

To this end, CallMiner undergoes a rigorous testing schedule to verify SOC 2 Type II, FISMA, HITRUST, ISO 27001 and PCI DSS controls and compliance through an independent third-party audit conducted by KirkpatrickPrice.


SOC 2 engagements show a strong commitment to delivering high-quality services to our clients by demonstrating that we have the necessary internal controls and processes in place. SOC 2 engagements are based on the AICPA’s Trust Services Principles: security, availability, confidentiality, privacy and processing integrity. This process ensures that information security practices, policies, procedures and operations meet or surpass the rigorous SOC 2 standards.

FISMA Compliance

A FISMA Compliance Audit verifies that we recognize the importance of information security by following a tailored set of baseline security controls from NIST Special Publication 800-53. FIPS 200, Minimum Security Requirements for Federal Information and Information Systems, is a mandatory federal standard developed by NIST in response to FISMA.

ISO 27001 Compliance

ISO 27001 is a specification for an ISMS (Information Security Management System) standard. It creates and implements the most effective and efficient Security Management System for the organization. An international standard, ISO 27001 applies controls from the following areas: Security Policy, Organization and Information Security, Asset Management, Human Resources Security, Physical and Environmental Security, Operations Management, Access Control, Information Systems Acquisition, Information Security Incident Management, Business Continuity Management, and Compliance.


The Health Information Trust Alliance Common Security Framework (HITRUST CSF) certifies that an organization has the necessary controls in place to meet the legal requirements of the Health Insurance Portability and Accountability Act (HIPAA). Under the security rule of HIPAA, entities must develop administrative, physical, and technical safeguards that maintain the confidentiality, availability, and integrity of electronic protected health information (ePHI). HITRUST CSF Certified status demonstrates that CallMiner’s HITRUST boundary has met key regulations and industry-defined requirements and is appropriately managing risk.

PCI DSS Certified

The Payment Card Industry Data Security Standard is a complex security standard that focuses on security management, policies, procedures, network architecture, software design, and other critical protective procedures. These security standards are relevant to any merchant or service provider that uses, stores or transmits information from a payment card.