Regulatory Certifications
This page documents the certifications held by Vonage for the following lines of business: Core API (SMS/Voice) & Vonage Network APIs (VNA), Vonage AI Media Analyzer, and Vonage AI Studio. It also covers the caveats and distinctions that apply to each certification.
Certifications by Line of Business
The table below shows the certification status for each line of business. See the Compliance Caveats and Distinctions section to understand the specific set of services for which each line of business holds certifications.
Note: SOC 2 Type II evaluates both the design and operating effectiveness of security controls over a sustained period, typically 6–12 months — as opposed to Type I, which evaluates design only at a single point in time.
| Certification | Core API (SMS/Voice) & VNA (Network APIs) | Vonage AI Media Analyzer (Formerly ASR) | Vonage AI Studio |
|---|---|---|---|
| PCI DSS | Not Required | Pending | |
| HIPAA | |||
| SOC 2 Type II | Pending | ||
| ISO 27001 | |||
| CSA | Pending | Pending | |
| IRAP | Not Required | Not Required | Not Required |
Compliance Caveats and Distinctions
Each line of business holds certifications for a specific set of services. The sections below outline what is covered under each.
Core API (SMS/Voice)
Note: All certifications cover the following services: SMS/Voice API (also known as CPaaS).
Certifications:
- ISO 27001
- SOC 2 Type II
- HIPAA Attestation of Compliance
- CSA Star
Vonage Network APIs (VNA)
Note: SOC 2 Type II covers the following services: Network Registry API, Verify API, SIM Swap API, Number Verification API, Identity Insights API, and Vonage QoD API.
Certifications:
- ISO 27001
- SOC 2 Type II
- HIPAA Certificate of Compliance
- CSA Star
Vonage AI Media Analyzer (Formerly ASR)
Certifications:
- ISO 27001
- PCI Service Provider
- SOC 2 Type II
- HIPAA Certificate of Compliance
Vonage AI Studio
Certifications:
- HIPAA Certificate of Compliance