VoIP Compliance

From your office phone system to your headset, work securely.

PCI DSS Compliance Overview

How does PCI apply to VoIP?

Payment Card Industry Data Security Standards (PCI DSS) is a set of security standards devised to safeguard all companies that accept, obtain, process, save or transmit credit card information. It applies to organizations of all sizes with any number of online transactions that accept, pass on or store cardholder information – this could be via the phone, internet, or any other means.

What if a business is non-compliant?

Organizations could be at serious risk of data breaches if they do not comply with this regulation. Furthermore, an organization found to be non-compliant could be fined anywhere between $5,000 and $100,000 per month. These violations could also incur huge card replacement costs and in-depth investigations into the non-compliant business.

GDPR Readiness Overview

How does GDPR apply to VoIP?

The EU’s General Data Protection Regulation (GDPR) imposes financial penalties for data breaches and mishandling of personal data. Using “state-of-the-art” technology is suggested for those businesses that want to lower the risk associated with processing personal data. IP Telephony utilizes industry-standard encryption mechanisms such as TLS 1.2 to encrypt traffic to and from VoIP handsets.

What if a business is not GDPR ready?

Violations of certain articles of GDPR carry fines of up to €20M or up to 4% of total global revenue of the preceding year, whichever is greater.

HIPAA Compliance Overview

How does HIPAA apply to VoIP?

As part of the Health Insurance Portability and Accountability Act (HIPAA), the Privacy Rule exists to assure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high-quality health care and to protect the public's health and wellbeing. The Privacy Rule applies to any health care provider (the covered entity) or business associate who transmits health information in electronic form in connection with transactions for which the Secretary of HHS has adopted standards under HIPAA.

What if a business is non-compliant?

Organizations that fail to comply with these regulations run the risk of fines or criminal charges.

Impact for Cisco Unified Communications

PCI DSS v3.2, HIPAA, and GDPR advise organizations to safeguard individuals’ personal data. Customers using Cisco endpoints and Cisco Unified Communications are encouraged to develop action plans in order to comply with this guidance. This may include activities such as identifying devices and software that do not support TLS 1.2, and developing a plan to upgrade, reconfigure, or replace them.

Refresh your IP Phones

Many older IP phone models are not able to keep up with security and compliance standards. However, the latest Cisco IP phones reduce regulatory compliance risks and provide the latest technology, with the option to deploy on-premises or in the cloud.

Cisco headsets

Experience vibrant sound and all-day comfort with Cisco headsets.
