Thanks to widespread adoption, Microsoft Teams is also often subject to compliance obligations, such as the General Data Protection Regulation (GDPR), which safeguards the personal data of consumers and employees, and MiFID II, which was introduced to remove risk in the financial services sector following the financial crisis of 2008.
Tamper-proof, secure storage and deletion
A major component of these regulations, and many more like them, is the requirement to record calls and digital communications, and ensure that they are stored securely, easy to access, tamper-proof, and deleted after an appropriate period of time (such as the end of a consumer contract or, in the case of MiFID II, after 5/7 years).
Although MS Teams does offer personal call recording functionality, as well as policy-based controls to set organisational and individual recording rules, these are not sufficient for achieving true compliance. That’s because they are not tamper-proof. Compliance recording requires a completely tamper-proof approach, so that all calls that must be recorded are captured, and no user override or other intervention is possible.
That’s not the case with Touch. Touch Compliance Recording for MS Teams is completely tamper-proof. What’s more, it’s also certified by Microsoft. The service also supports policy-based recording fully controlled by the enterprise customer.
Policy-based recording allows organisations to stipulate through an administrative or compliance policy which calls and communications, or which users, require automatic call recording. The calls are captured for subsequent processing, storage, and retention according to the company’s policies.
Since no user intervention is possible, it’s completely tamper-proof. Users are unable to disable the recording feature and do not have access to the recording once the interaction is complete. Once captured the recorded files are then archived based on the company’s policies.
What does Touch offer that the personal recording in MS Teams does not?
As MS Teams has its end-user controlled personal call recording feature, we are sometimes asked by potential customers why they would require Touch Call Recording Service in addition? In fact, there a number of significant reasons. Here’s several for you to consider.
First, Touch Call Recording Service is a fully managed, network-based service (meaning it doesn’t require complex software or hardware deployments on the customer’s premises) that offers policy-based call and digital communication recording.
Second, it is directly integrated with MS Teams and the Microsoft Office suite through open APIs – integration of MS Teams with other third-party vendors can create operational and technical challenges, but Touch takes care of this to provide a complete compliance solution.
Third, the Touch service can record all calls, including conference calls, internal and external, and data-based conversations. It enables organisations to provision selected MS Teams, and all devices associated with them, according to company policies.
Fourth, as soon as a user starts or receives a call, the Touch service automatically records the call and notifies all participants that the call is being recorded. Finally, users cannot turn off the feature and do not have access to the final recordings, making it tamper-proof and removing human error.
Meeting MS Teams compliance obligations with Touch
The Touch Call Recording Service is maintained as part of an ISO27001 certified information system. On completion of the call, the file immediately undergoes a two-stage encryption process, according to ETSI TR 102 661. No content is stored in the database, only metadata. Files are then sent to our secure storage site, and then mirrored to a geo-redundant site to ensure business continuity.
The Touch service ensures compliance with the following regulations:
- MiFID II (Markets in Financial Instruments Directive 2014/65/EU)
- Dodd-Frank Act
- GDPR (The General Data Protection Regulation (EU) 2016/679)
- ISO 27001: Information Security Management
- ETSI TR 102 661 (protection of retained data)
In addition, Touch Call Recording Service also covers more than 50 other digital communication channels. Notably, personal call recording policies enabled by MS Teams do not meet the strict requirements of MiFID II around financial transactions, whereas Touch Call Recording Service offers a complete compliance solution for organisations that need to ensure they meet their obligations. Our experience can take the headache out of compliance and give you piece of mind, regardless of the channel being used.
Touch Call Recording extends ISO accreditation
Touch Call Recording is pleased to announce that we have expanded our ISO quality accreditations and certification, strengthening our overall quality systems - and confirming our leading position as a compliance and call recording provider.
Meeting NIS2 and DORA compliance with Touch Call Recording Service
NIS2 and DORA are two new EU-wide regulations that will affect millions of organisations based in, and offering services to, the EU bloc – and have a direct impact on call recording and compliance programmes. Are you ready?