Upstream Works

Security and Compliance

Enterprise-Class Security

Upstream Works helps to protect your contact center and customer data with the highest levels of security across applications, systems, assets, and infrastructure. We use best-practice tools, procedures and controls to maximize security, both on-premise and in the cloud.

We regularly engage with third-party security experts for penetration tests to evaluate the security of our system. Businesses around the globe rely on Upstream Works to protect their contact center data.

SOC logo


Upstream Works solutions are SOC 2 Type II compliant providing enterprise-level security and protection

Lock icon


Penetration testing is based on OWASP and NIST SP 800-115 security testing

Cloud icon


Upstream Works cloud solutions follow the AWS FTR framework to protect data and systems

Starts icon



Upstream Works solutions allow users to follow General Data Protection Regulation (GDPR) principles


Prepared for


Upstream Works products are prepared for FedRAMP and meet DISA and STIG compliance requirements.

Upstream Works SOC 3 Compliance Report

The Upstream Works System and Organization Controls (SOC) reports are independent third-party reports that demonstrate how Upstream Works achieves key compliance controls and objectives. The Upstream Works SOC 3 Security and Availability Report provides a high-level overview and the key information from the SOC 2 report in a summary document available for download.

Agent discussing

Upstream Works Data Management and Security

Upstream Works provides omnichannel contact center software that is designed to provide an optimal customer experience. It does not store customer profile records itself. However, it does maintain interaction records which identify customers in terms of pertinent information that enables great CX, including channel of contact, reason for the contact, and other information the contact center deems to be useful. The desktop and routing platform can also track repeat contact behaviors and help identify potential fraud.