Answering the Call: How Zoom Phone Helps Keep Your Communications Secure and Compliant

Whether you're collaborating in a conference room environment, engaging in a virtual event, or connecting over the phone, you want to feel confident that the solution you're using is secure and capable of safeguarding your important communications. That’s why we at Zoom have created our entire platform — including our Zoom Phone solution — with security, privacy, and compliance in mind.

Zoom Phone is a modern cloud phone system natively built for the Zoom platform. Seamless and secure, Zoom Phone streamlines the telecommunications experience with enterprise-class features, many of which are designed to help users manage and safeguard their cloud calling experience.

Here are a few key features that help weave security into the Zoom Phone experience, as well as some industry standards and attestations the solution has achieved. 

Encryption: 

• 256-bit AES-GCM encryption: We use 256-bit AES-GCM encryption as our standard for real-time content and media, which applies to data in transit across Zoom Meetings and Team Chat, Zoom Webinars, meetings occurring via Zoom Rooms, and Zoom Phone data transmitted over the public internet

• End-to-end encryption (E2EE) for Zoom Phone (coming soon): Previously only available in Zoom Meetings, our E2EE offering will be extended to Zoom Phone this year. Zoom Phone users making on-net calls on the Zoom Phone network will have a new option to upgrade to E2EE during one-on-one, intra-account phone calls that occur via the Zoom client.

• TLS encryption: During SIP registration, Zoom Phone leverages TLS encryption.

Caller ID masking: Depending on the purpose of the call and subject to applicable laws, users can choose to display their direct number, a main office number, a call queue number, or no number as the outbound caller ID. This feature helps support the privacy and security of employees’ personal contact information.

Private network peering: Zoom Phone is optimized for secure internet traversal. For additional traversal considerations, Zoom has established direct private network peering links between Zoom Phone data centers and Zoom Phone PSTN service provider networks to prioritize data protection. 

Toll fraud: Zoom Phone utilizes access control and automated detection capabilities in order to detect irregular calling patterns to help prevent toll fraud. If irregularities are detected, our security department will notify users of potential fraudulent activities. 

Calling block lists: Customizable global and personal block lists enable Zoom Phone users and administrators to easily add and manage blocked phone numbers.

Compliance is fundamental for the real-world application of today’s technology solutions, including Zoom Phone. Our cloud phone solution is secure and conforms to the requirements of the following laws, standards, and certifications:

Ray Baum’s Act and Kari’s Law: Zoom Phone supports nomadic E911 services for its users without the need for third-party solutions. Zoom Phone users can be compliant with the U.S.-based mandates for Kari’s Law and Ray Baum’s Act with the proper configurations of existing emergency features, which are outlined in depth in our guide.

Certifications, attestations, and standards attained by the Zoom platform: Zoom Phone is included in a variety of certifications, attestations, and standards that apply to the entire Zoom platform. These include SOC 2 Type II, Cyber Essentials certification – NCSC, CSA STAR Assessment (Level 2), and many more, all of which can be found here.

STIR/SHAKEN: As part of the STIR/SHAKEN authentication standards required by the FCC, Zoom Phone will show “caller verified” check marks on incoming calls to users so they can help identify potential robocalls and spam calls. A check mark icon appears if the carrier has authenticated the calling party and they are authorized to use the calling number. The check mark icon appears in the call log and inbound call notifications (shown in the Zoom client and application) for several inbound call scenarios. More details can be found here. 

Recording compliance: Zoom Phone’s automatic call recording feature can be configured for users and call queues that need to record all interactions. There are configurable data retention periods and configurable data storage location options for collaboration contents that enable customers to define where (regionally) data is stored at rest. We’ve even created a recordings admin role to help customers manage who can access certain recordings, and we have a robust set of APIs designed to enable customers to manage their recordings.

Zoom Phone is just one piece of Zoom’s larger security strategy designed to help protect and support customers. Our cloud phone solution easily flows into other Zoom solutions, helping to stitch together a unified communications experience that’s built with security in mind. 

By adhering to relevant standards and supporting customers with these security features, we strive to create an experience characterized by ease of use, safety, and trust. 

To learn more about Zoom privacy and security, explore our Trust Center.