|Announced on||Rollout on|
|March 6, 2023||March 6, 2023|
Zendesk takes security and the protection of our Subscribers’ Service Data very seriously. If a security incident impacts your Service Data, it’s our top priority and legal obligation to notify our customers within the required time period.
Previously, Zendesk automatically sent security-related notifications to your designated account owner. Now, you can specify the email address where you’d like to receive notification of a confirmed security incident that has impacted your Service Data.
This announcement includes the following topics:
What is changing?
In Admin Center, a Security contact email field was added to Account > Security > More settings.
If Zendesk sends a security incident notification, it goes to the email address in the Security contact email field, seen above. The account owner also receives a copy.
Why is Zendesk making this change?
Most organizations have a person, group, or department dedicated to security. As a result, the account owner may not always be the correct person to notify when a security event impacting Service Data occurs. Having a dedicated security contact ensures that the appropriate security personnel are alerted.
What do I need to do?
Zendesk strongly recommends that you add your company’s security (or other relevant) contact email address to Zendesk as soon as possible. Doing so allows the correct person or group to receive notification of a security incident in a timely manner.
For more information, see Designating an email address to receive required security notifications.
As always, we’re here if you have questions or need support. Here’s how to contact us.
Max McCal any chance of updating this field to support multiple email addresses? 🙂
This is a welcome change, thank you. I second the request for supporting multiple email addresses as we need to notify multiple stakeholders.
Stephen Belleau Anthony Stenhouse
From a managing point of view, I would vote against the proposition. IMO It would be more efficient to manage a group of people who should be notified from a distribution list. You would only need to provide Zendesk with one email address and manage the people who should be notified from within your organization. That way, also when people leave the company or change position, they can be removed from the distribution list by your IT.
I think there's room for both options. Each company/team has different workflows and it may not always be possible to use a single distributed email (which is how we are currently managing this).
Please sign in to leave a comment.