With an increasing number of businesses transitioning to remote or hybrid working, compliance officers must ensure their protocol and security knowledge is up to date. Microsoft Teams offers features for conversation recording, but regulated industries will require additional compliance coverage. Not having proper recording tools could lead to unknowingly breaching regulations. To simplify the process, we've compiled a list of crucial questions that any compliance officer should ask before choosing a compliance solution for Microsoft Teams. Understanding these topics will help keep your organization compliant while mitigating risks associated with critical conversation recording protocols.

1. Does the solution support multiple geographic locations and storage?

GDPR is a law that has forced numerous companies to limit the locations where call recordings are stored. This requirement, known as data sovereignty, mandates that customer data must be kept in the area where it originated. Sharing these recordings safely and in accordance with regulations beyond their area of origin becomes even more complex. But if you have a recording solution built by a compliance-aware group of developers, this doesn't have to be as complicated as it sounds.

Challenges arise in dealing with customer data, as exemplified by GDPR. However, a well-built cloud-based recorder can resolve data sovereignty and compliance issues surrounding call sharing. The company offering your solution must have a global storage network complying with all sovereignty regulations. If their website does not mention data sovereignty or complaint sharing of calls, you are taking a risk with your business.

2. Does the solution support different user roles and detailed security?

Imagine if every employee of a company had access to their call recording platform - being able to see incoming/outgoing numbers, listen to calls, and view agent notes/scores. While such features can enhance compliance and efficiency, failure to establish strict user access policies may invite risks. Imagine if one of these employees had malicious intentions - compromising your data security and integrity.

The solution? Ensure your company's Microsoft Teams recorder imposes strict user access controls. Don't take any chances and always prioritize data compliance.

3. Is the solution PCI compliant? Is the process manual, or can it be automated?

If your company accepts credit card payments over the phone, it means vulnerable credit card numbers are included in call withdrawals and pose a risk to customer data. To comply with the Payment Card Industry Data Security Standard (PCI DSS), these numbers must be deleted from all audio recordings, transcriptions, and screen recordings. Does your platform facilitate manual or automatic deletion of these numbers? With this feature, you can save significant time and resources while ensuring compliance with stringent recordkeeping and trade monitoring policies such as MiFID II, MAR/MAD II, MAS, ASIC, Dodd-Frank, and more.

4. How much control over recorded conversations does the solution offer?

Compliant call recording can present more than just data sovereignty issues. Consider having to isolate specific calls for auditing or disputes. Downloading call files to local storage is one solution, but it may violate compliance regulations if the files are stored in encrypted storage.

Thankfully, there's a better solution. Ask your provider if they offer a "legal retention obligation" feature that indefinitely suspends standard storage, enabling hassle-free compliance.

5. Does the solution have audit trails and history for all elements of the solution?

Answering this question requires us to examine the reasons behind taking these calls. While compliance laws make it mandatory, we also extract valuable insights from call recordings. These recordings enable us to identify the root cause of disputes and issues via audits. However, to conduct a proper audit, we need more than just raw recordings. Your ideal solution should extract detailed meta-information like timestamps, call duration, incoming and outgoing numbers, caller ID, PBX metadata, internal appliance numbers, and agent ID, in order to provide a complete picture of the conversation.