Office 365 Compliance Framework and Microsoft Kaizala
Presently, Microsoft Kaizala is certified for compliance tier C by the internal Microsoft Office 365 compliance team, which is responsible for managing this framework. This means that Microsoft Kaizala has industry leading privacy and security commitments and is verified with international and regional standards and terms, including:
- ISO 27001
- ISO 27018
- EU Model Clauses (EUMC)
- HIPAA Business Associate Agreement
- SSAE 16 SOC 1 & SOC 2 reports
While there is very minimal human intervention to keep the service running, all the engineers who work on the product are required to undergo the security and privacy awareness training. Microsoft also ensures that all personnel certify acceptance of responsibilities for privacy requirements.
Kaizala Compliance features for customers
Microsoft Kaizala provides regional data residency support through the datacenters in Europe (EU), Asia Pacific (APAC), United States (US), and India (IN). This means Kaizala customers will have data related to organization chats and groups such as messages, attachments, and Kaizala actions stored in the datacenter of their billing region.
Following are top compliance related features currently available in the product.
1. View and manage all Kaizala users with data access
Kaizala maintains an organization specific Open Directory (OD), which is like a phone-based directory for all of its Kaizala users, for its administrators for central management. Any user who becomes a member of an organization group in Kaizala automatically becomes member of OD. This means that it is a list of all Kaizala users who have potential access to organizations data (that is, all members of its organization groups). Admins can associate additional custom attributes specific to their organization, such as Aadhar No, Location, and Designation, for easier identification. It is also possible to delete a user from OD, which automatically revokes the group memberships for the user.
2. Remove a user from all organization groups
Kaizala management portal offers advance user and group management capabilities, which makes it easier for administrators to onboard and exit employees and partners. By searching for a user’s phone number, portal lists all the groups that a user is member of. An administrator can choose to remove a user from some or all of the groups at the same time.
3. Wipe out data from client device
When a user leaves or is removed from an organization group, Kaizala automatically clears all messages, Kaizala Actions, and attachments from the client device. This is a unique feature in Kaizala, which makes it possible for organizations to control users from stealing the organization data and is especially useful in hostile employee or partner termination scenarios. Kaizala also provides secure and open REST APIs to programmatically handle such scenarios in extended business flows from external systems. We will continue to build additional security and compliance capabilities into the product based on feedback from our customers.