RingCentral's stance on protecting your data
For two decades our company has operated with trust as a core value. In the spirit of transparency, we wanted to provide clarity to our customers—and potential customers—about our focus and commitment to privacy and security.
Here are our trust principles:
1. Trust is an essential part of our culture and corporate values
Trust is a core belief at RingCentral. Being a Trusted Partner is one of our four core values and represents the way we operate our company, as well as how we engineer and operate our services.
The company teaches this value to every employee and is a part of our company culture every day. We perform annual training for our employees on data privacy, information security, and our employee code of conduct.
2. Your data is your data
Your data is always accessible to you. We never sell your data to third parties. The data you give us to use our services is yours, and we know you trust us with it.
3. We safeguard your information with a multi-layered security approach
We implement multiple safeguards to protect your information, segregate duties between teams, and employ an information security management system that’s audited and certified to international standards.
Multiple layers of tools, processes, and technical measures are implemented for data protection, and we audit hundreds of controls annually via internal and external audits.
4. We have strict controls to prevent backdoor access
We never give any government entity backdoor access, and we have strict controls to prevent backdoor access in our service.
Our secure software development program includes static, dynamic, and manual application security testing. The static code scanning we perform includes checks for MITRE CWE malicious software patterns in addition to checking code for security bugs.
5. We comply with local laws
In every country/region we operate in, we operate our service legally and in compliance with local regulations.
RingCentral is also committed to our customers and the free exchange of ideas. We individually evaluate each data request and, only if the request is legitimate and lawfully made, provide the narrowest possible set of information to authorities.
If RingCentral sees inconsistencies or inaccuracies in a request, we will refuse to fill it. We will resist any request we have reason to believe is unlawful.
6. We are transparent about data processing and our privacy practices
Our data access and privacy practices are regularly audited by third parties against international standards to validate our approach to data protection.
We’re constantly adding new certifications. Current audits for our products include SOC II, SOC III, ISO 27001, ISO 27017, ISO 27018, HITRUST, C5, CyberEssentials Plus, and PCI DSS.
Authorhttps://www.ringcentral.com/us/en/blog/ringcentrals-stance-on-protecting-your-data/ (Michael Machado)