VCC Live achieves SOC 2 compliance to meet the highest data protection standards

We’re proud to announce that VCC Live has successfully completed the SOC 2 Type II audit: a rigorous, independent evaluation of our security, availability, and confidentiality controls.

As a leading CCaaS provider, it is our responsibility to keep increasing our clients’ trust in our service. 

We spoke with Balázs Zsolt, Information Security & Business Continuity Manager at VCC Live, with more than a decade of experience with our service compliance. 

Balázs shared his expert insights on what SOC 2 means for VCC Live, our customers, and the industry.

What is SOC 2, and why is it important for a CCaaS provider?

Balázs Zsolt:
SOC 2 is a framework developed by the American Institute of Certified Public Accountants (AICPA) to evaluate how organizations handle customer data. 

It focuses on five Trust Services Criteria (TSC): 

• security, 
• availability, 
• processing integrity, 
• confidentiality, 
• privacy.

For a CCaaS provider like VCC Live, SOC 2 certification strongly demonstrates our ability to protect customer data, reliably deliver our service, and meet the expectations of enterprise clients and regulated industries.

Why did VCC Live pursue SOC 2 certification?

B.Zs:
At VCC Live, we continuously challenge and improve our security framework. We handle sensitive information every minute of the day for both our customers and their end-users, and that comes with significant responsibility.

SOC 2 certification was a natural next step in ensuring that we meet the highest standards, not just for extraordinary situations but in our everyday operations. This is a commitment that we embrace at all levels of our company, both internally and externally.

What does SOC 2 certification mean for our customers?

B.Zs:
We treat confidentiality, accountability, and security as daily responsibilities, now verified through an intensive audit process. Our clients’ data is protected at every step from unauthorized access, breaches, and misuse, supported by secure infrastructure, encryption, access controls, and continuous monitoring.

We can also guarantee that our security measures in place can improve uptime, recovery, and incident response. Clients can rely on the availability of our platform even under stress, thanks to documented and tested processes. 

Anyone is welcome to review the full SOC 2 report simply by asking their Customer Success Manager, after signing an NDA.

Which Trust Services Criteria did VCC Live certify for, and what do they cover?

B.Zs:
We achieved certification for three of the five criteria: Security, Availability, and Confidentiality. 

• Security means our systems are protected against unauthorized access and misuse.
• Availability guarantees that our platform remains operational and reliable
• Confidentiality safeguards sensitive data and ensures it is accessed only by authorized parties.

These are the most critical areas for a CCaaS provider, and our certification confirms that we meet strict standards in each.

How did the audit process work, and how long did it take?

B.Zs:
We chose the Type II audit format, which evaluated the effectiveness of our controls over a three-month period. During that time, the auditors reviewed evidence across all VCC Live’s departments, processes, and systems.

One of the biggest challenges was harmonizing nearly 600 pages of documentation to ensure alignment between ISO 27001 and SOC 2 which have similar standards but with different methodologies. It required meticulous coordination, but it ultimately made our internal processes stronger.

How does SOC 2 shape the way we handle customer data?

B.Zs:
SOC 2 shapes every aspect of how we handle customer data.

• Data is encrypted in transit and at rest, with strong safeguards against unauthorized access.
• Access is limited to authorized personnel, with all actions logged and auditable.
• Systems are monitored and patched proactively, and change management processes are enforced.
• Confidentiality and privacy are built into our workflows, from call recordings to personal information handling.

In short, customer data is secured by design, audited regularly and continuously, and handled responsibly.

How will VCC Live maintain SOC 2 compliance over time?

B.Zs:
Gaining our SOC 2 certificate doesn’t mean it’s time for our teams to rest. To stay compliant, we monitor and improve our controls daily, conduct regular audits, update policies, train employees, and document evidence for the next review.

At VCC Live, we view SOC 2 as part of our culture, not just a yearly checkpoint. Maintaining it means staying vigilant because keeping our customers’ trust is a continuous responsibility.

What should customers look for when evaluating vendors for SOC 2 compliance?

B.Zs:
I can give you a full checklist with the top criteria for SOC 2 evaluation:

• Type of Report: Make sure that your vendor is Type II certified, not just Type I.
• Scope: Make sure it includes the systems and services you’ll actually use.
• Trust Criteria: At minimum, look for Security, plus others relevant to your needs.
• Audit Findings: There should be no critical exceptions, and if so, there need to be clear remediation plans.
• Report Freshness: SOC 2 has to be renewed yearly. Trust vendors whose certificate was issued within the last 12 months.
• Security Culture: Ongoing monitoring, training, and internal ownership should be the norm.
• Transparency: Your vendor should be willing to share the report, after signing an NDA.

VCC Live meets all these criteria and we encourage customers to ask these questions of any vendor they consider doing business with.

What’s next on VCC Live’s compliance roadmap?

Compliance never ends. Beyond maintaining SOC 2, we’re preparing for upcoming regulations like NIS2, DORA, ISO42001 and the AI Act. The regulatory landscape is evolving, and we are committed to staying ahead of it to protect our customers and their users.

At VCC Live, we see this certification as a milestone and a reflection of our ongoing commitment to trust, reliability, and operational excellence. We’re proud to serve as your expert partner in delivering secure and dependable contact center solutions.

Learn more about our security and compliance or speak to your dedicated Customer Success Manager to review our SOC 2 report.