In today’s world, compliance and security are not a choice; they are a necessity. This has been our major focus from the very beginning. We are strongly committed to designing and building our product with the highest level of security and compliance in mind.
We’re very excited to share with you our Microsoft 365 App Certification. It acknowledges that SalesTim has reached the high level of security and compliance that is required for an enterprise-grade app integrated into the Microsoft 365 ecosystem. 🚀 🚀 🚀
This is great news for our team, our customers, and our partners. As a matter of fact, only a very small number of apps in the Microsoft Teams store have reached this certification, and today SalesTim is proud to join their ranks.
What is the Microsoft 365 App Certification?
The Microsoft 365 App Certification acknowledges that an app provides the highest level of data protection, security and privacy. In other words, if you use a Microsoft 365 certified app, you can be confident that your internal data and sensitive information are under control and protected.
This certification comprises four main domains.
Application Security Domain
The Application Security domain includes, in particular, Microsoft Graph API permission validation and application security testing.
Microsoft Graph API permission validation checks that the app doesn’t request overly broad permissions, and that each permission is properly justified.
The independent application security testing must be carried out by a reputable independent cybersecurity company. We’re now working with the French cybersecurity and auditing company Synetis. With the help of Synetis, we conducted an initial penetration test and security audit. In addition, we contracted with them to perform similar testing quarterly.
Operational Security Domain
As a next step, the application must prove that its infrastructure and deployment processes are aligned with industry security best practices. For instance:
- Malware Protection
- Patching
- Firewalls
- Secure Software Development
- Risk Management
Data Handling Security and Privacy Domain
The Data Handling Security and Privacy section covers the following:
- Data security at rest and in transit
- GDPR compliance
- Data Access Management
- Access Control
Optional External Compliance Framework Domain
The certification analysts may also check the validity of the following security compliance frameworks:
- ISMS/IEC – ISO/IEC 27001 specification
- PCI DSS
- SOC 2
How did SalesTim accomplish the M365 App Certification?
Our journey to receive this certification from Microsoft was not a piece of cake! Our team worked for over two months with an independent auditor to complete this certification process.
At SalesTim, we believe that success is built on trust, and that trust starts with transparency. This certification from Microsoft is the tangible recognition of months of investments in our security and compliance posture, and our commitment to offer the best level of data protection to our customers.
Guillaume Meyer, CEO and Co-Founder of SalesTim
All the evidence collected during the certification process was centralized in a 120-page document, covering all the required controls related to security, data management, and compliance.
You can learn more about our security and compliance policies from our Trust Center.
We’re proud to get this certification from Microsoft and we’re glad to offer our customers the highest level of security and compliance.