Global security

Sustaining security to strengthen your trust

A world with ever-evolving cyber threats demands an ever‑advancing security strategy. Nuance does everything necessary to secure customer data, stay ahead of cyber threats, and maintain resilient systems.

A mission of safety and security

Nuance Global Security's mission is to ensure customers and employees are kept safe and secure. We achieve this with a defense‑in‑depth strategy driven by highly trained security professionals through corresponding controls, a robust security infrastructure, and the latest cyber intelligence tools. All to keep your information private—and our networks and systems up and running.

Our defense‑in‑depth strategy in action

Nuance Global Security is organized by four mission‑critical groups:

Governance, Risk, and Compliance

Assures timely and consistent delivery of uniform policies, standards, internal measurements, and metrics for adherence.

Cyber Fusion Center

Integrates product security and security operations to make sure our solutions are built to withstand cyber threats.

Global Protection Services

Protects employees, facilities, and assets, conducts digital forensics, and leads our crisis management team.

Resilience and Business Continuity

Strengthens the resilience of our systems to minimize the interruption of services to our customers.

A comprehensive approach to risk

Governance, Risk, and Compliance (GRC) aligns capabilities, policies, assessments, metrics, and controls to reliably maintain data security, manage risk, and ensure compliance with industry security standards across every part of our business. Our approach includes:

Customer responsiveness

We quickly respond to customer requests and inquiries for assurances and attestations regarding audits, certifications, or other security issues. By focusing on our customers, the GRC team can better address important security concerns related to our products and services.

Third-party security risk management

Our third‑party security risk management program requires formal security risk assessments before initiating business relationships with partners, vendors, and others that require technical connections to our networks. All parties must strictly protect sensitive information, tightly control access, and follow privacy laws and regulations.

Employee security education and awareness

We engage and educate employees on evolving online and physical security risks—even simulating email phishing attacks that test knowledge and provide point-in-time learning—to increase diligence and improve understanding of their vital role in protecting against threats.

Our industry certifications

The GRC team works to achieve and maintain security certifications for various Nuance products and services with industry organizations, frameworks, and standards bodies—creating assurances and safeguards that support customer requirements. Our certifications include:

ISO 27001 Certified logo
AICPA SOC 2 logo
HITRUST CSF Certified logo
On the list! 2021 logo

Securing the cloud

Nuance is a cloud‑centric company and has partnered with top‑tier cloud providers, including Microsoft® Azure as our cloud computing service, to offer best‑in‑class security practices and a highly available and redundant infrastructure to our customers.

Where proactive meets preventative

Our Cyber Fusion Center (CFC) takes preventative and proactive measures to protect our networks, systems, and data from threats while adhering to security policies, standards, and controls across our infrastructure. All so you can trust the Nuance solutions you use every day. The CFC comprises:

Systems Security Engineering (SSE) Program

Nuance products and services have security built in, not bolted on later. We analyze, test, and review products at any technology stack and every lifecycle stage—from inception through design, build, deployment, and decommissioning—while implementing risk‑based control objectives and applying industry best practices. SSE ensures we:

  • Govern ourselves through policy, standards, training, compliance, and metrics.
  • Develop products through secure design, architecture, code, threat modeling, and penetration testing; as well as secure deployment, maintenance, and support.
  • Protect our code through cyber threat intelligence, research, and monitoring for and mitigating vulnerabilities.

Security Operations Center (SOC)

Augmenting Nuance’s 24x7 Global Operations Centers, SOC is staffed by a team of certified security researchers and analysts who monitor and analyze cyber threat intelligence from trusted global sources, protect our networks and systems against online threats, and rapidly respond to any potential security events.

Protecting Nuance with rigor

Nuance Global Protection Services is dedicated to preserving the health and well‑being of our workforce, maintaining the integrity of our facilities, preventing unauthorized physical access, and safeguarding data, assets, and intellectual property through:

Crisis management

We monitor real‑time critical event intelligence and manage unexpected events to resolution. Nuance adheres to the NIST framework to align crisis management with local, state, and regional authorities, including guidelines to address and support the security and privacy needs of U.S. federal government information and information systems.

Digital forensics

We perform digital forensics and investigation in partnership with our legal team and government authorities.

Resilience against emerging threats

Nuance maintains business continuity and service availability by developing and implementing organization‑wide plans and processes that prepare us to be ready at a moment’s notice. This includes ensuring our data centers reside in resilient environments with failover and redundancy capabilities that can withstand adverse conditions, unexpected events, and physical and environmental threats.

Nuance Vulnerability Disclosure Program

Our top priority is maintaining the trust and confidence that our customers place in us—and we welcome input from security researchers in detecting potential vulnerabilities.

Visit our Vulnerability Disclosure Program (VDP) to learn more about our VDP Policy and how best to disclose vulnerabilities to us.

Report any concern with confidence

The Nuance reporting hotline empowers customers, employees, vendors—or anyone—to confidentially report concerns or complaints. The tool helps us address alleged fraud, abuse, and other misconduct believed to be unethical, dangerous, or a violation of policy or law. All to stay in compliance, maintain a safe workplace, and uphold the standards set in our code of conduct.

Contact the Service Reliability Center Healthcare and Enterprise Incident Hotline by telephone (1‑800‑206‑0393)(Open a new window) or by email at security@nuance.com to make a confidential report.

All information, content, and materials, available on this site are for general informational purposes only, and do not amend or supersede the express terms of any agreement, any transaction, or any rights or obligations you may have under applicable law, create any rights or obligations, or otherwise affect your or Nuance’s liabilities and obligations. The content is provided "as is;" with no representations as to whether the materials are applicable to any particular service, jurisdiction or location. For specific information regarding your account, please reference to your agreement with Nuance and Nuance’s privacy policy.