Office 365 Compliance Framework and Microsoft Kaizala

The Office 365 compliance framework document describes the compliance classification levels and the controls required for various Microsoft online services. Microsoft Kaizala follows the same compliance framework to manage and operate the service and to handle customer data. Presently, Microsoft Kaizala is certified for compliance category A by the internal Microsoft Office 365 compliance team, which is responsible for managing this framework. This means that Microsoft Kaizala has strong privacy and security commitments, with the promise of:

  • No mining of customer data for advertising
  • No voluntary disclosure to law enforcement agencies

Employee Training

While very little human intervention is needed to keep the service running, all engineers who work on the product are required to undergo security and privacy awareness training. Microsoft also ensures that all personnel certify acceptance of their responsibilities for privacy requirements.

Kaizala Compliance features for customers

Microsoft Kaizala services and data are hosted on local Microsoft Azure data centers for Indian customers. All the messages, attachments, and Actions shared on Kaizala groups for Indian mobile numbers are stored only in the data centers located in India.
Kaizala also provides capabilities that help customers meet their own compliance requirements. The following are the top compliance-related features currently available in the product:

1. View and manage all Kaizala users with data access

Kaizala maintains an organization-specific Kaizala User List (KUL), a phone-based directory of all the organization's Kaizala users that gives administrators a central point of management. Any user who becomes a member of an organization group in Kaizala automatically becomes a member of the KUL. The KUL is therefore a list of all Kaizala users who have potential access to the organization's data, i.e. all the members of its organization groups. Admins can associate additional custom attributes specific to their organization, such as Aadhaar No., Location, Designation, etc., for easier identification. It is also possible to delete a user from the KUL, which automatically revokes the user's group memberships.

2. Remove a user from all organization groups

The Kaizala management portal offers advanced user and group management capabilities, which make it easier for administrators to onboard and offboard employees and partners. When an administrator searches for a user's phone number, the portal lists all the groups that the user is a member of. The administrator may choose to remove the user from some or all of those groups in one go.

3. Wipe out data from client device

When a user leaves or is removed from an organization group, Kaizala automatically clears all messages, Kaizala Actions, and attachments for that group from the client device. This feature is unique to Kaizala. It helps organizations keep users from stealing organization data and is especially useful in hostile employee or partner termination scenarios. Kaizala also provides secure and open REST APIs so that external systems can handle such scenarios programmatically as part of extended business flows. We will continue to build additional security and compliance capabilities into the product based on feedback from our customers.