NocNativeCloud

GDPR Compliant, 99.9% Uptime SLA, EU Data Residency by default
Security & Compliance

Security & Compliance Built In From Day One

NocNativeCloud is built entirely on AWS — inheriting one of the most comprehensive compliance programmes of any cloud provider. Here's exactly what that means for your data, and what we do on top of it.

INFRASTRUCTURE

Built on the most trusted cloud infrastructure

NocNativeCloud is built entirely on Amazon Web Services — the world's most comprehensive and broadly adopted cloud platform. AWS maintains the largest compliance programme of any cloud provider, with 143 security standards and compliance certifications. When you deploy with NocNativeCloud, you inherit this security posture from day one. No separate security audit of our infrastructure required — AWS has already done it. Our role is to ensure our configuration, deployment, and operational practices meet the same bar.

HOW IT WORKS

The AWS Shared Responsibility Model

Security on AWS is a shared model. AWS secures the infrastructure. We secure how we build and operate on top of it. Both layers are in place.

Layer 1

AWS is responsible for

  • Physical data centre security (access, power, cooling)
  • Hardware and network infrastructure
  • Hypervisor and virtualisation layer
  • Managed service patching and maintenance
  • Global DDoS mitigation (AWS Shield)
  • All certifications listed below (SOC 2, ISO 27001, PCI DSS, etc.)

Layer 2

NocNativeCloud is responsible for

  • How we configure and deploy AWS services
  • Encryption of customer data at rest and in transit
  • Access controls, MFA, and least-privilege IAM policies
  • Data residency — keeping your data in EU by default
  • Application-level audit logging and monitoring
  • GDPR compliance — consent, DPAs, data subject rights

The certifications below are held by AWS and cover the infrastructure layer. Our own controls documentation is available on request for security questionnaires.

CERTIFICATIONS

Certifications inherited via AWS infrastructure

All certifications below are held by Amazon Web Services and cover the infrastructure layer that NocNativeCloud runs on. You benefit from these from day one — no separate audit required.

Via AWS

GDPR

NocNativeCloud runs on AWS EU (Ireland) eu-west-1 by default — all customer data, call recordings, and transcripts stay within the EU. Consent capture, data subject rights, and data processing agreements (DPAs) available on request.

Via AWS

SOC 1 Type II

Covers controls relevant to financial reporting. Independently audited by a third-party auditor on an annual basis. Available to customers under NDA for due diligence and procurement purposes.

Via AWS

SOC 2 Type II

Covers security, availability, processing integrity, confidentiality, and privacy across the AWS infrastructure layer. Independently audited annually. NocNativeCloud's own SOC 2 certification is currently in progress.

Via AWS

SOC 3

The public-facing summary of AWS SOC 2 controls. Freely available and suitable for sharing with stakeholders requiring a high-level compliance overview without needing the full SOC 2 report under NDA.

Via AWS

ISO 27001

International standard for information security management systems (ISMS). AWS ISO 27001 certification covers the services used by NocNativeCloud including Amazon Connect, Amazon Lex, and AWS Lambda. The gold standard for European enterprise procurement.

Via AWS

ISO 27017

Cloud-specific extension to ISO 27001 covering security controls for cloud providers and their customers. Directly addresses the shared responsibility model and cloud-specific risks beyond the base ISO 27001 standard.

Via AWS

ISO 27018

Protection of personally identifiable information (PII) in public cloud. Directly relevant to handling customer voice recordings, call transcripts, and personal data — critical for insurance and healthcare deployments.

Via AWS

PCI DSS Level 1

The highest level of Payment Card Industry compliance. Relevant for any voice or chat flows involving payment processing. AWS PCI DSS covers the underlying infrastructure; payment data handling in your flows must follow PCI scope rules.

Via AWS

HIPAA-eligible

AWS services used by NocNativeCloud are HIPAA-eligible. AWS signs Business Associate Agreements (BAAs) and the platform is designed to support HIPAA-compliant deployments. Customers retain responsibility for their own HIPAA programme.

Via AWS

CSA STAR Level 2

Cloud Security Alliance Security Trust Assurance and Risk certification. Independent third-party assessment against the CSA Cloud Controls Matrix — provides cloud-specific assurance beyond ISO 27001 for cloud-native deployments.

Via AWS

Cyber Essentials Plus

UK Government-backed cybersecurity certification independently verified by an accredited assessor. Demonstrates protection against the most common cyber threats. Relevant for UK-based or regulated deployments.

Via AWS

FedRAMP Moderate

US Federal Risk and Authorisation Management Program. AWS GovCloud regions are FedRAMP High authorised. Relevant for any US federal or government-adjacent deployments requiring federal cloud security standards.

NOCNATIVECLOUD CONTROLS — IN PLACE TODAY

What we do on top of AWS

Beyond inherited AWS certifications, these are the controls NocNativeCloud operates directly — in place now, not pending certification.

Data residency

By default, NocNativeCloud deploys in the AWS EU (Ireland) eu-west-1 region. Your customer data, call recordings, and transcripts are stored and processed within the EU. Alternative regions are available on request. Data never leaves your chosen region without explicit consent.

Encryption everywhere

All data encrypted at rest using AES-256. All data in transit encrypted using TLS 1.2 or higher. Call recordings, transcripts, and customer data are encrypted before storage. Encryption keys managed via AWS Key Management Service (KMS) with customer-managed key option available.

Access controls

Role-based access control (RBAC) enforced across all systems. Multi-factor authentication (MFA) required for all administrative access. AWS IAM policies follow the least-privilege principle — every service and user has only the permissions required for their function.

Audit trails

Immutable, tamper-evident logs of every customer interaction, agent action, system access event, and configuration change. Powered by AWS CloudTrail and Amazon Connect Contact Trace Records. Full audit trail available for regulatory review and incident investigation.

RELIABILITY

99.9% Uptime SLA

Our platform SLA is 99.9% uptime, backed by AWS multi-AZ infrastructure with automatic failover. Amazon Connect is built on the same global AWS network used by some of the world's largest enterprises. In the event of an availability zone failure, traffic is automatically routed to healthy infrastructure — with no manual intervention required. For contact centres, downtime is not an option. Neither is ours.

  • Multi-AZ deployment with automatic failover
  • No single point of failure across the stack
  • AWS global infrastructure — the same used by the world's largest contact centres
  • Real-time health monitoring and automated alerting

Questions about compliance or security?

Our team can walk you through our security posture, data handling practices, and compliance documentation. Get in touch.
