We know how important data security is to you – it’s important to us as well. That’s why CallMiner is constantly striving to deliver the highest level of data security and protection possible within our cloud environment.
To this end, CallMiner undergoes a rigorous testing schedule to verify SOC 2 Type II, FISMA, HITRUST, ISO 27001:2022 certification and PCI DSS controls and compliance through an independent third-party audit conducted by KirkpatrickPrice.

SOC 2 engagements show a strong commitment to delivering high-quality services to our clients by demonstrating that we have the necessary internal controls and processes in place. SOC 2 engagements are based on the AICPA’s Trust Services Principles: security, availability, confidentiality, privacy and processing integrity. This process ensures that information security practices, policies, procedures and operations meet or surpass the rigorous SOC 2 standards.

A FISMA Compliance Audit verifies that we recognize the importance of information security by following a tailored set of baseline security controls from NIST Special Publication 800-53. FIPS 200, Minimum Security Requirements for Federal Information and Information Systems, is a mandatory federal standard developed by NIST in response to FISMA.

ISO 27001 is the world's best-known standard for information security management systems (ISMS). It defines requirements an ISMS must meet. The ISO 27001 standard provides companies of any size and from all sectors of activity with guidance for establishing, implementing, maintaining and continually improving an information security management system. ISO 27001:2022 certification means that an organization has put in place a system to manage risks related to the security of data owned or handled by the company, and that this system respects all the best practices and principles enshrined in this International Standard.

The Health Information Trust Alliance Common Security Framework (HITRUST CSF) certifies that an organization has the necessary controls in place to meet the legal requirements of the Health Insurance Portability and Accountability Act (HIPAA). Under the security rule of HIPAA, entities must develop administrative, physical, and technical safeguards that maintain the confidentiality, availability, and integrity of electronic protected health information (ePHI). HITRUST CSF Certified status demonstrates that CallMiner’s HITRUST boundary has met key regulations and industry-defined requirements and is appropriately managing risk.

The Payment Card Industry Data Security Standard is a complex security standard that focuses on security management, policies, procedures, network architecture, software design, and other critical protective procedures. These security standards are relevant to any merchant or service provider that uses, stores or transmits information from a payment card.