July 03, 2021
8 Questions about Compliance and Security for Microsoft Teams Call Recording
Microsoft Teams provides your organization with a dynamic unified communications platform. However, you must select a compliance recording platform to protect and take advantage of all the data Microsoft Teams provides. The following 8 questions help you understand your key security, data ownership, and compliance concerns for your Microsoft Teams call recording platform.
1. Does the solution support multiple geographic locations and storage?
The GDPR alone forces a huge number of companies to limit where their call recordings are stored. This is due to something called data sovereignty, which requires customer data to be stored in the area where it was captured. It becomes even more complicated when those same calls have to be shared in a safe and compliant manner outside their area of origin. It is less complicated, though, if your recording solution was built by a compliance-aware group of developers. The bottom line is that laws such as the GDPR have made dealing with customer data a challenge. A well-built cloud-based recorder can resolve both data sovereignty and compliant sharing issues. The company that delivers your solution must have a global storage network that can comply with sovereignty regulations. If you don't see anything about data sovereignty or compliant sharing of calls on their website, treat that as a risk.
2. Does the solution support different user roles and detailed security?
Imagine a company where every employee had access to the call recording platform. That means they can see all the incoming and outgoing numbers, listen back to the calls, and see agents' notes and scores. They can delete or send any data they want at will. Now imagine what would happen if one of those employees turned out to have malicious or criminal intent. Your call recording platform is there to keep your business compliant, but if it doesn't let you dictate strict user access rights, you run the risk of exposing the data and violating compliance. Your Microsoft Teams recorder needs to know who has access to what in your company.
3. Does the solution support PCI compliance? Is this a manual process, or can this be done through automation?
If your company takes credit cards over the phone, your call recordings include vulnerable customer credit card numbers. The Payment Card Industry Data Security Standard (PCI DSS) requires these numbers to be deleted not only from your audio recordings, but also from any place where they exist, including screen recordings and transcriptions. Does your platform offer you an option to delete these numbers manually? Better yet, does it give you an option to automatically delete these numbers from your recordings? With such a feature, you can save years of time and money.
4. How much control over recorded conversations does the solution offer?
Data sovereignty is not the only storage issue that can occur with compliant call recording. What happens if you have to isolate specific calls that are part of an audit or dispute? Perhaps your plan in that scenario is simply to download the call files locally, but removing that data from encrypted storage can be a compliance violation. It's a tricky situation, but there's a solution. Ask your solution provider if they have a "legal retention obligation" feature that suspends standard storage indefinitely.
5. Does the solution have audit trails and history for all elements of the solution?
Part of the answer to this question is another question: why do we record these calls in the first place? Yes, laws oblige us to do so, but there must be a practical use in connection with those compliance laws. Recordings of conversations help us trace disputes and issues back to the source through an audit process. Just having a lot of call recordings without accompanying data about the conversation makes an audit almost impossible. Your solution must extract the maximum amount of data, including timestamps, call duration, incoming and outgoing numbers, caller ID, PBX metadata, internal extension numbers, and agent ID.
6. Does the solution support enhanced security controls?
It goes without saying: security is a major compliance issue. You need to treat your call recording platform as you would treat a bank account. It is full of valuable data about your customers and your business that must be protected at all times. Ask your solution provider if their platform supports multi-factor authentication, IP restrictions, and multiple authentication vendors such as Azure AD, on-prem AD, and Okta.
7. Does the supplier carry out annual third-party security assessments and audits?
Your calls are only as secure as the company that records and stores them. It should be standard to ask every vendor you evaluate if they are performing penetration tests and audits on their platform and its storage network. If they say they don't, walk away. If they say they are, ask them when the last penetration test was. This is not a nice-to-have feature; it is an absolute necessity.
8. Does the solution allow you to share audio and video securely and compliantly without having to download and email conversations?
Sharing audio and video from recorded conversations is a minefield for compliance with business rules. The exposure of customer data is the subject of many lawsuits. Find out if your vendor is harnessing the power of the cloud to fully encrypt and share recorded customer interactions. If the vendor only allows calls to be downloaded, that is a compliance violation. Your platform should allow you to share audio, video, and screen recordings without downloading. This is done with an encrypted link through which only the recipient can view the data at the source.