In this part of the Messaging Q&A series, we address key security and compliance considerations for Zendesk messaging. From safeguarding sensitive customer data to aligning with industry regulations such as GDPR and HIPAA, this guide provides insights and best practices to help you maintain a secure and compliant messaging environment.
Q: Does Messaging support Content Security Policy (CSP)?
A: Yes, it does.
Q: Is Zendesk Messaging compliant with GDPR?
A: Yes, it is. Information stored locally in the Widget can be cleared at any time. End-users can clear it using their browser's standard data-clearing capabilities.
Q: Can Zendesk Messaging be used in HIPAA-compliant environments?
A: Yes, Zendesk Messaging can be configured for HIPAA compliance when paired with Zendesk’s Enterprise plan and a signed Business Associate Agreement (BAA). Ensure that your agents are trained to handle Protected Health Information (PHI) securely and that necessary safeguards are in place.
Q: Does Zendesk Messaging encrypt data?
A: Yes, Zendesk Messaging encrypts data in transit and at rest. Data transmitted between your customers and Zendesk is secured using TLS (Transport Layer Security), ensuring that sensitive information is protected from interception.
Q: Does Zendesk Messaging support audit logs?
A: Yes, Zendesk offers audit logs on certain plans, allowing you to track changes to configurations, agent activities, and data access. Audit logs provide a clear record to help identify and resolve potential security issues.
- Viewing the audit log for changes to your account
- Note: This is an Enterprise-only feature.
Q: Can an end-user be suspended from Messaging?
A: Yes, they can.