How we’re prioritizing customer security with new data protections

“As I said at the Black Hat 2023 conference’s panel discussion on ‘Navigating the Storm of Threat and Revenue Intelligence in Modern Security,’ you can never become complacent with your security program. That’s why Gong made additional investments to our cybersecurity program with cloud-based security and privacy certifications.” – Jack Leidecker, CISO at Gong

If you’re a Gong customer, you’ve entrusted us with an incredibly valuable asset: your company data. 

That’s a responsibility we take very seriously. It’s what propels us — as a steadfast partner to your cybersecurity team — to stay ahead of the game with the latest security measures.

It’s also why we’re excited to share that we recently achieved two significant certifications from the International Organization for Standardization (ISO). Gong is now included in the Cloud Security Alliance’s (CSA’s) Security, Trust, Assurance, and Risk (STAR) Registry. 

At Gong, our Office of the CISO regularly hosts conversations with security teams inside our customers’ organizations. Hearing from highly varied organizations, particularly those with stringent cybersecurity protocols and complex needs, helps us keep every customer safer.  These conversations provide us with unique insights into the risks our most avant-garde customers face. We use that information, in part, to continuously enhance our security controls and stay ahead of emerging threats.

Like many of the security teams we speak with, our team at Gong has long been focused on personal data protection and the security of cloud services. Given our history of continual improvement, we’re introducing an extended security program in these areas.

Our recent certifications are internationally recognized as benchmarks that confirm the security practices we use in our cloud services. Each certification involved a rigorous third-party review and test of Gong’s security controls. 

Here’s how we recently strengthened your data protection inside Gong:

ISO 27017 (Certificate #1122102)

This standard provides guidelines on how we implement information security controls for the provision and use of cloud services. So for example, when your data is in Gong’s cloud computing environment, it’s virtually segmented, monitored, and wrapped around a set of validated operational controls.

ISO 27018 (Certificate #1122103)

This standard protects personally identifiable information (PII) in public clouds that act as PII processors. This further extends our ability to safeguard the personal and customer data we collect, process, and manage on your behalf. Your most valuable assets remain secure, allowing you to protect your confidential information at a threshold that meets your stakeholders’ expectations.

CSA’s STAR Registry

We meticulously documented our cloud security controls at Gong for the CSA’s STAR Registry. This is a public registry where you can learn about the security and privacy controls of popular cloud offerings. We measured our services against the CSA’s best practices, submitted our assessment, and received the CSA’s verification.

Your data security is our top priority. No matter your level of data complexity, you have high expectations as a Gong customer. We’re here to surpass your expectations with a secure and reliable platform that caters to your business needs. These new certifications and registry inclusion are yet another step in Gong’s ongoing dedication to protecting your data. 

For more information on Gong’s compliance and certifications, visit our Trust Center.