AT&T Office@Hand

Learn how to use features from AT&T Office@Hand. Access our self-help options to set up and use this application to communicate with customers.

Back to product page

Data Security | AT&T Office@Hand
Article #44882

This article provides more information about the AT&T Office@Hand Data Security.

AT&T Office@Hand provides robust security measures to help ensure a highly secure and reliable phone service to your business operation. As a cloud service provider, AT&T Office@Hand offers several layers of built-in security. These include the physical, infrastructure, host, data, application, and business processes, as well as the enterprise level of your organization.

Customer account security is a shared responsibility between AT&T Office@Hand and customers. Security is implemented via policies and governance practices (people), within the service development and operations processes (process), and the application and infrastructure layers (technology).

Transmission security

To prevent interception of your communications, AT&T Office@Hand provides Transport Layer Security (TLS) and Secure Real-Time Transport Protocol (SRTP) encryption between all endpoints.

Infrastructure security

AT&T Office@Hand offers the following infrastructure safeguards:

  • Network and applications: firewalls and session border controllers
  • Administrative functions: multiple authentication levels
  • Technology: intrusion-detection systems and fraud analytics
  • Operational functions: monitoring, system hardening, and vulnerability scans
  • Payment processing: full PCI DSS 3.1 compliance

Physical and environmental security

The AT&T Office@Hand platform is deployed across SSAE 18 and ISO 27001-audited data centers, protected by robust electronic prevention systems, on-site engineering specialists, and security guards. The geographic diversity of our locations also minimizes the risk of data loss and service interruption due to catastrophe.

Proactive fraud mitigation

AT&T Office@Hand prevents toll fraud through access control, detection controls, and usage throttling, and gives you granular control over who gets to make international calls and to where. AT&T Office@Hand’s security department performs active monitoring to detect and notify customers of anomalous calling patterns on their account.

FINRA security controls

FINRA’s mission is to protect investors by making sure the United States securities industry operates fairly and honestly. To assist our FINRA-regulated customers, AT&T Office@Hand has implemented the applicable cybersecurity requirements from SEC regulations. This means all AT&T Office@Hand call recordings, call logs, fax exchanges, SMS, MMS, audio and web conferencing, and team messaging communications are in compliance with applicable SEC regulations.


We regularly undergo independent verification of our security controls to protect our customers’ data and communications and to meet regulatory and compliance needs.

SOC 2 Type 2 (SOC 2+)

The SOC 2 report validates the effectiveness of our operating controls as a service organization against the criteria set forth by the American Institute of Certified Public Accountants (AICPA) Trust Services Principles. AT&T Office@Hand annually undergoes a third-party audit to certify our services against this standard. A copy of the most recent report is available upon request from your Account Manager or Sales Representative.


Unlike a SOC 2 report, a SOC 3 report can be freely distributed to the public for general use. AT&T Office@Hand has undergone a third-party audit to certify our services against this standard.

HIPAA compliance

The government does not offer a HIPAA certification for business entities. In order to meet the HIPAA security requirements as they apply to our service and operations, AT&T Office@Hand has implemented the HIPAA security safeguards. We annually undergo a third-party SOC 2+ audit, which includes an assessment of controls mapped to the HIPAA Security Rule requirements, that demonstrates the implementation of the security safeguards and requirements outlined in the HIPAA Security Rule. A copy of the most recent report is available upon request from your Account Manager or Sales Representative.


AT&T Office@Hand Online Account and the AT&T Office@Hand Mobile App have earned Certified status for information security by HITRUST. HITRUST CSF Certified status indicates that these AT&T Office@Hand applications have met industry-defined security requirements and are appropriately managing risk. AT&T Office@Hand is part of an elite group of global organizations that have earned this certification. HITRUST CSF helps organizations address cybersecurity challenges through a comprehensive framework and scalable security controls by including federal and state regulations, standards, and frameworks. HITRUST CSF Certification sets the highest standard for compliance of security requirements and has become the benchmark which organizations apply to safeguard ePHI data.

Skyhigh Enterprise-Ready (McAfee Enterprise-Ready)

AT&T Office@Hand Online Account has earned the Skyhigh’s CloudTrust rating of Enterprise-Ready, the highest rating possible from Skyhigh. Skyhigh provides this status to cloud services that fully satisfy the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection.

Key Words: data security, AT&T Office@Hand, data security on the AT&T Office@Hand