1. Gong Help Center
  2. Configuring Gong
  3. Data protection & privacy

Menu

PCI DSS compliance

Follow
Naomi Papoushado
  • Updated

Gong is committed to respecting the privacy of you and your customer’s information, including electronic cardholder data. The Gong application does not store any primary account credit card information, but has the ability to handle such data in transit in such a way which is compliant with PCI DSS (Payment Card Industry Data Security Standard) for accepting, processing, storing, or transmitting payment card information. By adhering to these standards, an organization ensures the security of credit, debit, and cash card transactions and protects cardholders against fraud or other misuse of their personal information.

What is PCI DSS?

PCI DSS is a proprietary information security standard for organizations that handle payment card information. The PCI Standard is mandated by payment card brands and administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data to reduce credit card fraud. Validation of compliance is performed annually.

How has Gong’s PCI DSS compliance been validated?

Gong’s PCI DSS compliance includes the completion of the SAQ-D questionnaire and an external validation by a Qualified Security Assessor (QSA).

Can I review the Gong Attestation of Compliance (AOC) for PCI DSS?

Gong may distribute the PCI DSS AOC to interested parties after they execute a non-disclosure agreement (NDA) with Gong. To receive an NDA from Gong, contact your Customer Success Manager or sales account executive.

What features are PCI DSS-compliant?

The PCI DSS compliant environment includes the Gong app integrations with telephony systems, initial storage of these calls, and processing intended to redact all credit card information from these calls in a non recoverable manner.

Once enabled, all data stored and processed in the Gong Service is “free” of credit card information and the resulting environment is PCI DSS compliant.

How can I sign up for Gong with PCI DSS compliance?

All customers can make use of the Gong PCI DSS compliance by defining the redaction rules for calls uploaded through telephony system integrations.

What are my responsibilities for using Gong in a PCI DSS-compliant manner?

The customer’s responsibility is to define the redaction rules for calls being uploaded from telephony systems to the Gong Service. This can be done easily in the DATA PROTECTION & PRIVACY settings by defining the minimum sequence of digits that should be redacted. Once this is defined all future calls will have these settings applied both on the audio files as well as on the call transcripts.