In today’s world, compliance and security is not a choice, it’s a necessity. This has been our major focus from the very beginning. We are strongly committed to design and build our product with the highest level of security and compliance in mind. 

We’re very excited to share with you our Microsoft 365 App Certification. It acknowledges that SalesTim has reached the high level of security and compliance that is required for an enterprise-grade app integrated into the Microsoft 365 ecosystem. 🚀 🚀 🚀

This is great news for our team, our customers, and our partners. As a matter of fact, only a very small number of apps in the Microsoft Teams store have reached this certification, and today SalesTim is proud to join their ranks.

What is the Microsoft 365 App Certification?  

The Microsoft 365 App Certification acknowledges that an app provides the highest level of data protection, security and privacy. In other words, if you use a Microsoft 365 certified app, you can be confident that your internal data and sensitive information are under control and protected.  

This certification is comprised of four main domains.

Application Security Domain

The Application Security domain especially includes Microsoft Graph API Permission validation and Application Security Testing.

Microsoft Graph API Permission validates that the app doesn’t request overly broad permissions, and that each of them are properly justified. 

The independent application security testing must be carried out by a reputable independent cybersecurity company. We’re now working with the French Cybersecurity and Auditing company Synetis. With the help of Synetis, we conducted an initial penetration test and security audit. In addition, we contracted with them to perform similar testing quarterly.    

Operational Security Domain

As a next step, the application must prove its infrastructure and deployment processes are aligned with security best practices from the industry. For instance: 

  • Malware Protection
  • Patching
  • Firewalls
  • Secure Software Development
  • Risk Management

Data Handling Security and Privacy Domain

The Data Handling Security and Privacy section covers the following:  

  • Data security at rest and in transit
  • GDPR compliance
  • Data Access Management
  • Access Control

Optional External Compliance Framework Domain

Also, the certification analysts may check the validity of those security compliance frameworks:  

  • ISMS/ IEC – IS0/IEC 27001 specification 
  • PCI DSS 
  • SOC 2 

How did SalesTim accomplished the M365 App Certification? 

Our journey to receive this certification from Microsoft was not a piece of cake! Our team has worked for over two months with an independent auditor to achieve this certification process. 

At SalesTim, we believe that success is built on trust, and that trust starts with transparency. This certification from Microsoft is the tangible recognition of months of investments in our security and compliance posture, and our commitment to offer the best level of data protection to our customers.

Guillaume Meyer, CEO and Co-Founder of SalesTim

All the evidences collected during the certification process were centralized in a 120 pages document, covering all the required controls related to the security, data management, and compliance.

You can learn more about our security and compliance policies from our Trust Center.

We’re proud to get this certification from Microsoft and we’re glad to offer to our customers the highest level of security and compliance.

Leave a Reply

Your email address will not be published. Required fields are marked *