// Trust & Security Report

    Genesys Corporation logo

    Genesys Corporation

    Genesys Cloud CX — enterprise AI-powered experience orchestration platform with omnichannel contact center (voice, email, chat, text, social), AI agents and automation, analytics, and workforce management.

    Certifications held

    18

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type 2
    HELD

    Independent report on the suitability of the design and operating effectiveness of its controls relevant to security, availability and integrity, pursuant to SOC 2 Type 2 examination under ISAE 3000.

    Verify on genesys.com
    SOC 1 Type 2
    HELD

    Independent report on the description of the Genesys Cloud platform and the suitability of the design and operating effectiveness of its controls relevant to security, availability, and integrity, pursuant to SOC 1 Type 2 examination under ISAE 3402.

    Verify on genesys.com
    ISO/IEC 27001:2022
    HELD

    Globally recognized standard for an information security management system, demonstrating the application of ISO 27002:2022 controls to secure and protect organizational data.

    Verify on genesys.com
    ISO/IEC 27017:2015
    HELD

    Code of practice for information security controls specifically for cloud computing environments.

    Verify on genesys.com
    ISO/IEC 27018:2019
    HELD

    Standard for protection of personally identifiable information (PII) in cloud computing environments.

    Verify on genesys.com
    ISO/IEC 42001:2023
    HELD

    International standard for establishing an Artificial Intelligence Management System, confirming that their AI program is governed by audited policies and controls for responsible development and use of AI.

    Verify on genesys.com
    HIPAA
    HELD

    Achieving compliance with the Health Insurance Portability & Accountability Act (HIPAA) demonstrates assurance through effectiveness of security controls that health information is secured and protected.

    Verify on genesys.com
    HITRUST
    HELD

    HITRUST certification validates security controls for healthcare data protection.

    Verify on genesys.com
    FedRAMP (Moderate Impact)
    HELD

    Genesys Cloud Achieves FedRAMP Authorization at the Moderate Impact level, achieved in July 2023, enabling government agencies to transform customer experience.

    Verify on genesys.com
    DoD Impact Level 2
    HELD

    Genesys Cloud meets Department of Defense impact level requirements for government agency use.

    Verify on genesys.com
    GovRAMP
    HELD

    State-level government authorization for cloud services.

    Verify on genesys.com
    PCI-DSS
    HELD

    Security and operational controls are certified to meet PCI-DSS compliance standards.

    Verify on genesys.com
    Cyber Essentials Plus
    HELD

    UK government-backed cyber security certification scheme.

    Verify on genesys.com
    NIST SP 800-171
    HELD

    NIST Security Requirements for Protecting Controlled Unclassified Information compliance.

    Verify on genesys.com
    NIST SP 800-53 Privacy Control Baseline
    HELD

    NIST privacy control baseline for federal systems compliance.

    Verify on genesys.com
    GDPR
    HELD

    Genesys complies with GDPR as a data processor and is certified under the EU-U.S. Data Privacy Framework, including UK and Swiss extensions.

    Verify on genesys.com
    CCPA
    HELD

    California Consumer Privacy Act compliance integrated into AI feature development.

    Verify on genesys.com
    LGPD
    HELD

    Brazil's Lei Geral de Proteção de Dados (LGPD) compliance supported.

    Verify on genesys.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Customer-selectable; customers choose the Genesys Cloud region where their organization resides, which also serves as the storage location for their data. Optional voice recording storage via Global Media Fabric can be configured to a separate Genesys Cloud Satellite Media Region.

    Genesys explicitly states: 'Genesys does not use customer communications — such as audio, video, chat, screen recordings, attachments or metadata — to train shared or third-party AI models.' AI systems are designed to use data minimally, isolate systems, and never train shared models on customer personal data.

    // Security controls

    Encryption in transit

    HTTPS with TLS 1.2 or higher

    genesys.com

    Encryption at rest

    AES 256-bit encryption for data at rest

    genesys.com

    Key management

    Unique encryption keys per customer with Bring Your Own Key (BYOK) capability available

    genesys.com

    Data isolation

    All customer instances logically separated; data access pathways isolated between customers

    genesys.com

    AI Ethics governance

    Cross-functional AI Ethics Board with roles assigned for each step of AI lifecycle; privacy-by-design approach embedded throughout

    genesys.com

    // Products & data scope

    Genesys Cloud CXContact Center / Experience Orchestration

    data: Customer communications (voice, chat, email, text, social), interaction metadata, recordings (optional), contact history

    Core unified platform; omnichannel contact center with AI, analytics, workforce management, and integrations with Salesforce, ServiceNow and 1000+ marketplace apps.

    Genesys Cloud AI AgentsAI / Automation

    data: Customer interactions and context data for agent reasoning and decision-making

    Agentic AI that can reason, act and adapt across customer experiences; does not train on customer data for shared models.

    Genesys Cloud AnalyticsAnalytics

    data: Interaction data, text and speech analytics, event data for customer journeys

    Real-time optimization and compliance reporting via text/speech analytics; customer data remains under customer control.

    // At a glance

    Pricing model

    SaaS subscription (per-user or per-interaction models available)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Genesys Corporation's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    genesys.com

    > Browse all vendor trust reports