Synergy SKY Security Whitepaper 

 

This document provides an overview of the security architecture, governance framework, and operational safeguards for the Synergy SKY CONNECT service. Building on Synergy SKY’s commitment to digital trust, the following sections outline how the components and features of CONNECT handle data, manage access, and enforce compliance measures while maintaining the confidentiality, integrity, and availability of its services.


Scope


The scope of this document is the CONNECT service and its associated components when delivered as a cloud solution. Where security-related topics depend on specific features, these are described separately, for instance user-facing webpages and calendar integration (via Microsoft Graph API and Azure Applications). Where relevant, the document references Synergy SKY’s Information Security Management System (ISMS), which is certified to ISO/IEC 27001. This whitepaper does not address third-party services outside of the direct operational requirements for CONNECT.

Overview of CONNECT architecture


CONNECT – Click to JOIN follows these primary steps:

  • first, calendar processing triggers meeting parsing and provisioning into CONNECT when applicable;
  • second, meeting connection details for the current day are made available to the appropriate meeting rooms and their video systems through their native APIs;
  • third, a video system dials into the meeting through OBTP (Cisco) or click-to-join (Poly); and
  • finally, the video system is connected to the correct meeting.

CONNECT – JOIN by ID follows these primary steps:

  • first, calendar processing triggers meeting provisioning into CONNECT;
  • second, a video system dials into CONNECT using the Meeting ID as meeting identification; and
  • finally, the video system is connected to the correct meeting.

CONNECT – Scan to JOIN / GO follows these primary steps:

  • first, a video system dials into CONNECT, triggering the generation of a unique QR code for that session;
  • second, the user scans the QR code with a mobile device, launching the CONNECT GO webpage and authentication through Microsoft Entra;
  • third, upon successful authentication, the webpage retrieves the user’s calendar entries and allows the user to select a desired meeting; and
  • finally, meeting details are securely transmitted to CONNECT, which establishes the connection in the room while the webpage functions as a remote control for meeting management.

CONNECT Platform Services


The CONNECT platform consists of the following main services or features.

  • CONNECT; Interoperability service for video device to platform calling
  • CONNECT – Click to JOIN; for calendar integration and easy-join buttons for video systems
  • CONNECT – JOIN by ID; Join any meeting by entering the native Meeting ID
  • CONNECT – Scan to JOIN / GO; Scan-Swipe-Join any meeting from your mobile phone

CONNECT

DATA RETENTION AND PROTECTION

Data retention and protection measures within CONNECT ensure that user information is managed responsibly and securely at every stage of its lifecycle. By employing stringent cryptographic methods, enforcing defined retention periods, and adhering to ISO 27001 requirements, the service protects sensitive data from unauthorized access and fosters confidence in its security posture.

Encryption is employed both in transit and at rest, allowing data transmissions (e.g., QR link, OAuth tokens, meeting hyperlink) to remain secure throughout the user’s interaction with the CONNECT platform, as well as for all API integrations the CONNECT platform has with other third-party services. By leveraging TLS protocols and industry-standard cryptographic algorithms, Synergy SKY maintains confidentiality and integrity of information as it moves between devices and services. Data at rest, including any stored logs or retained meeting details, is likewise protected using encryption mechanisms that align with recognized international standards.

 

DATA FLOW AND LIFECYCLE

Meeting Provisioning

For every meeting that is provisioned, and that is classified as a supported meeting by CONNECT, a gateway is made available to handle incoming video calls to this meeting. The information stored in this process of provisioning a gateway is:

  • Meeting type (MS Teams, Google, Zoom, etc.)
  • Meeting ID
  • Meeting Password
  • Meeting Joining link
  • Meeting start time and duration

This metadata is stored in an encrypted database using AES-256, and all data in transit to and from the database is encrypted using TLS 1.2/1.3.

 

Session Termination - Meeting End.

Meeting metadata is retained for 30 days after end of scheduled meeting time or end of last usage of the meeting, before automatic deletion. Call logs are retained for 14 days before automatic deletion.

 

CONNECT - Click to JOIN 

DATA RETENTION AND PROTECTION

Room calendars are parsed within a window from now to 180 days into the future. During this process the required metadata is gathered and processed. The metadata is stored and retained by CONNECT for a maximum of 30 days after the end of the meeting or for a maximum of 30 days after the last usage of the meeting. This window balances the need for the meeting to be accessible even after its scheduled end, and the need for it to be made inaccessible if not used regularly. Also, 30 days is a reasonable time window to accommodate customer support and ensure a robust audit trail in the event of service inquiries or incident analysis.

 

IDENTITY AND ACCESS MANAGEMENT (IAM)

CONNECT Easy-Join integrates Microsoft Graph as its primary interface for accessing user and organizational data within Microsoft 365. This integration enables secure, programmatic access to services such as Outlook calendars, user profiles, and directory information through a unified API. Access to Graph endpoints is governed by the delegated and application permissions as set in the table below, ensuring tight coupling between identity verification and data access. The service adheres to Microsoft Graph’s permission scopes and employs granular access control to request only the minimum necessary privileges, minimizing exposure risk. To maintain operational integrity, all Graph API calls are authenticated using OAuth tokens that are subject to the default token lifecycle policies as defined by Microsoft 365, ensuring that data access is both secure and auditable.

| Permission | Description |
| --- | --- |
| Calendars.ReadWrite (Application) | Read and write calendars in all mailboxes |
| Mail.Send (Application) | Send mail as any user |
| Mail.Send (Application) | Read all users' full profiles |

 

DATA FLOW AND LIFECYCLE

This section describes the journey of data within CONNECT Click to JOIN, beginning with calendar processing and ending with the conclusion of a video meeting. By examining each stage of this flow, we highlight how data is processed, transmitted, stored, and ultimately retired in accordance with security best practices and Synergy SKY’s ISO 27001-aligned policies. These are described in the following sections:

  • Calendar Processing and Meeting Provisioning
  • Video System Connection and Meeting Data Exchange
  • Meeting Connection and Interaction
  • Session Termination - Meeting End

 

Calendar Processing and Meeting Provisioning

Calendar processing is done continuously according to the access and permission rights defined above in the IAM section. CONNECT Click to JOIN processes meetings that are at most 180 days into the future. For every meeting that is processed, and that is classified as a supported meeting by CONNECT Click to JOIN, the following information is stored:

  • Calendar ID and Appointment sequence number
  • Calendar recurrence pattern; Start, stop and pattern.
  • Organizer of the meeting; Name and email address
  • List of invitees; Name and email addresses
  • List of rooms/resources; email addresses
  • Meeting type (MS Teams, Google, Zoom, etc.)
  • Meeting Subject
  • Meeting ID
  • Meeting Password
  • Meeting Joining link
  • Meeting start time
  • Meeting stop time

 

This metadata is stored in an encrypted database using AES-256, and all data in transit to and from the database is encrypted using TLS 1.2/1.3. All communications between calendar services like Microsoft Graph and CONNECT Easy-Join are encrypted using TLS 1.2/1.3.

Session Termination - Meeting End.

Meeting metadata is retained for 30 days after end of scheduled meeting time or end of last usage of the meeting, before automatic deletion. Call logs are retained for 14 days before automatic deletion.

CONNECT - Join by ID

DATA RETENTION AND PROTECTION

User calendars are parsed with a window set to 2 hours into the past and 24 hours into the future. During this process, the gathered meeting metadata consists of the meeting joining link and its associated Meeting ID and Password. No user data is collected by the JOIN by ID component. This metadata is retained by CONNECT for a maximum of 30 days after the end of the meeting or for a maximum of 30 days after the last usage of the meeting. This window balances the need for the meeting to be accessible even after its scheduled end, and the need for it to be made inaccessible if not used regularly. Also, 30 days is a reasonable time window to accommodate customer support and ensure a robust audit trail in the event of service inquiries or incident analysis.

 

IDENTITY AND ACCESS MANAGEMENT (IAM)

CONNECT JOIN by ID integrates Microsoft Graph as its primary interface for accessing user and organizational data within Microsoft 365. This integration enables secure, programmatic access to services such as Outlook calendars, user profiles, and directory information through a unified API. Access to Graph endpoints is governed by the delegated and application permissions as set in the table below, ensuring tight coupling between identity verification and data access. The service adheres to Microsoft Graph’s permission scopes and employs granular access control to request only the minimum necessary privileges, minimizing exposure risk. To maintain operational integrity, all Graph API calls are authenticated using OAuth tokens that are subject to the default token lifecycle policies as defined by Microsoft 365, ensuring that data access is both secure and auditable.

| Permission | Description |
| --- | --- |
| Calendars.Read (Application) | Read user calendars |
| GroupMember.Read.All (Application) | Ability to read Entra groups and who is within each group |
| User.ReadBasic.All (Application) | Ability to read Principal name for members of an Entra group |
| User.Read (Delegated) | Sign in and read user profile |

 

DATA FLOW AND LIFECYCLE

This section describes the journey of data within CONNECT JOIN by ID, beginning with calendar processing and ending with the conclusion of a video meeting. By examining each stage of this flow, we highlight how data is processed, transmitted, stored, and ultimately retired in accordance with security best practices and Synergy SKY’s ISO 27001-aligned policies.

 

Calendar Processing and Meeting Provisioning

Calendar processing is done continuously according to the access and permission rights defined above in the IAM section. CONNECT JOIN by ID processes meetings that are at most 24 hours into the future. For every meeting that is processed, and that is classified as a supported meeting by CONNECT, a gateway is provisioned, ready to handle incoming video calls to this meeting. The information stored in this process of provisioning a gateway is:

  • Meeting type (MS Teams, Google, Zoom, etc.)
  • Meeting ID
  • Meeting Password
  • Meeting Joining link
  • Meeting start time and duration

This metadata is stored in an encrypted database using AES-256, and all data in transit to and from the database is encrypted using TLS 1.2/1.3.

 

Session Termination - Meeting End.

Meeting metadata is retained for 30 days after end of scheduled meeting time or end of last usage of the meeting, before automatic deletion. Call logs are retained for 14 days before automatic deletion.

 

CONNECT - Scan to JOIN / GO

DATA RETENTION AND PROTECTION

User metadata consists primarily of a hashed version of the user’s email address and a stored profile photo, both of which are retained for a maximum of 30 days. This window balances personalization and support needs with the principle of minimal retention, reducing the risk of unnecessary data exposure. Similarly, meeting credentials and other connection details—such as meeting passwords and IDs—are maintained by CONNECT for 30 days to accommodate customer support and ensure a robust audit trail in the event of service inquiries or incident analysis.

IDENTITY AND ACCESS MANAGEMENT (IAM)

CONNECT Scan to JOIN employs a robust identity and access management model by leveraging Microsoft Entra as its authentication backbone and by enforcing best practices for token handling. The service requires admin approval of user consent to delegated permissions, ensuring that individuals specifically agree to share their calendar data. If enterprise policies demand additional restrictions, administrators can set consent requirements that align with organizational risk thresholds and governance standards. Within the CONNECT Scan to JOIN environment, OAuth tokens, refresh tokens, and related credentials are managed under strict lifecycle rules. These tokens expire at intervals defined by Microsoft Entra configurations, forcing re-authentication and thus reducing the risk of perpetually valid sessions.

| Permission | Description |
| --- | --- |
| Calendars.Read (Delegated) | Read user calendars |
| User.Read (Delegated) | Sign in and read user profile |
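An administrator can compare the permissions actually granted in their tenant with the permission tables in this document. The following Python code is an added example, not Synergy SKY code: it checks data shaped like Microsoft Graph appRoleAssignments and oauth2PermissionGrants responses against the JOIN by ID and Scan to JOIN tables. All GUIDs and sample grants are constructed, and the function names are hypothetical.

```python
# Added example: compare permissions granted to an enterprise app with the
# baseline in this document's tables. GUIDs and sample grants are constructed.

# Standard OpenID Connect scopes, reported separately from Graph permissions.
OIDC_SCOPES = {"openid", "profile", "email", "offline_access"}

# Baselines transcribed from the JOIN by ID and Scan to JOIN tables.
DOCUMENTED = {
    "JOIN by ID": {
        "application": {"Calendars.Read", "GroupMember.Read.All",
                        "User.ReadBasic.All"},
        "delegated": {"User.Read"},
    },
    "Scan to JOIN": {
        "application": set(),
        "delegated": {"Calendars.Read", "User.Read"},
    },
}


def resolve_app_roles(assignments, resource_app_roles):
    """Map each appRoleAssignment.appRoleId to its permission name."""
    by_id = {role["id"]: role["value"] for role in resource_app_roles}
    names, unresolved = set(), set()
    for assignment in assignments:
        role_id = assignment["appRoleId"]
        if role_id in by_id:
            names.add(by_id[role_id])
        else:
            unresolved.add(role_id)  # cannot be named, so surface it
    return names, unresolved


def delegated_scopes(grants):
    """Collect scopes from oauth2PermissionGrant objects."""
    scopes, tenant_wide = set(), set()
    for grant in grants:
        granted = set(grant.get("scope", "").split())
        scopes |= granted
        if grant.get("consentType") == "AllPrincipals":  # admin consent
            tenant_wide |= granted
    return scopes, tenant_wide


def audit(component, assignments, grants, resource_app_roles):
    """Return excess and missing permissions relative to the baseline."""
    baseline = DOCUMENTED[component]
    app, unresolved = resolve_app_roles(assignments, resource_app_roles)
    deleg, tenant_wide = delegated_scopes(grants)
    return {
        "excess_application": sorted(app - baseline["application"]),
        "missing_application": sorted(baseline["application"] - app),
        "excess_delegated": sorted(deleg - baseline["delegated"] - OIDC_SCOPES),
        "missing_delegated": sorted(baseline["delegated"] - deleg),
        "oidc_scopes": sorted(deleg & OIDC_SCOPES),
        "admin_consented": sorted(tenant_wide - OIDC_SCOPES),
        "unresolved_role_ids": sorted(unresolved),
    }


# Constructed sample data (not taken from any real tenant).
_ID = "00000000-0000-0000-0000-0000000000"
SAMPLE_GRAPH_APP_ROLES = [
    {"id": _ID + "01", "value": "Calendars.Read"},
    {"id": _ID + "02", "value": "GroupMember.Read.All"},
    {"id": _ID + "03", "value": "User.ReadBasic.All"},
    {"id": _ID + "04", "value": "Mail.ReadWrite"},
]
SAMPLE_ASSIGNMENTS = [{"appRoleId": _ID + n} for n in ("01", "02", "04", "99")]
SAMPLE_GRANTS = [
    {"consentType": "AllPrincipals", "scope": "User.Read openid profile"},
    {"consentType": "Principal", "scope": "User.Read Calendars.Read offline_access"},
]

if __name__ == "__main__":
    report = audit("JOIN by ID", SAMPLE_ASSIGNMENTS, SAMPLE_GRANTS,
                   SAMPLE_GRAPH_APP_ROLES)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Any non-empty "excess" or "unresolved" entry is a grant beyond what the tables describe and is worth reviewing in the tenant's enterprise application settings.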

 

 

DATA FLOW AND LIFECYCLE

This section describes the journey of data within CONNECT Scan to JOIN, beginning with QR code creation and ending with the conclusion of a video meeting. By examining each stage of this flow, we highlight how data is generated, transmitted, stored, and ultimately retired in accordance with security best practices and Synergy SKY’s ISO 27001-aligned policies. These are described in the following sections:

  • QR Code Generation and Display
  • User Authentication and Calendar Integration
  • Meeting Selection
  • Session Termination - Meeting End

 

QR Code Generation and Display.

At the initiation of a call, CONNECT creates a unique QR code that it displays on the video system’s screen. This code is valid only for the current session and is designed to become invalid once scanned, thereby eliminating opportunities for malicious reuse. Because it appears on a physically restricted screen, the QR code remains visible only to authorized individuals within the meeting room, and only until scanned. In addition, the QR code is delivered via an encrypted video stream, preventing external interception. This transmission method enhances security by ensuring that no static QR codes are exposed, reducing the risk of social engineering attacks.
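The single-use, session-bound behaviour described above can be illustrated with a small token store. This is an added example, not Synergy SKY's implementation: the class name, the 120-second lifetime, and the in-memory storage are assumptions made for illustration.

```python
# Added example: single-use, expiring tokens of the kind a session QR code
# could carry. Class name, TTL and in-memory storage are assumptions.
import hashlib
import secrets
import threading
import time


class OneTimeQrTokens:
    def __init__(self, ttl_seconds=120, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._lock = threading.Lock()
        # sha256(token) -> (session_id, expires_at); the raw token is never
        # stored, so a dump of this table cannot be replayed as a QR code.
        self._pending = {}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, session_id):
        """Create an unguessable token bound to one call session."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        with self._lock:
            self._pending[self._digest(token)] = (
                session_id, self._clock() + self._ttl)
        return token

    def redeem(self, token):
        """Return the session id on first valid scan, otherwise None."""
        with self._lock:
            # pop() consumes the token atomically: two concurrent scans of
            # the same code cannot both succeed.
            entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None  # unknown, already scanned, or session ended
        session_id, expires_at = entry
        if self._clock() >= expires_at:
            return None  # expired before anyone scanned it
        return session_id

    def end_session(self, session_id):
        """Invalidate any unscanned code when the call ends."""
        with self._lock:
            stale = [d for d, (sid, _) in self._pending.items()
                     if sid == session_id]
            for digest in stale:
                del self._pending[digest]


if __name__ == "__main__":
    store = OneTimeQrTokens()
    qr_token = store.issue("room-call-1")         # constructed session id
    print("first scan :", store.redeem(qr_token))  # session id
    print("second scan:", store.redeem(qr_token))  # None: already consumed
```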

User Authentication and Calendar Integration.

After scanning the QR code, the user is directed to the CONNECT Scan to JOIN webpage, which integrates with Microsoft Entra for identity verification. Single Sign-On and Multi-Factor Authentication are handled as per the company's Microsoft Entra configuration. When authentication is successful, the access and refresh tokens are issued by Microsoft Entra and cached within the CONNECT Scan to JOIN environment. These tokens adhere to the token lifetimes set by the Microsoft Entra policies within the organization, promoting secure session management and minimizing the possibility of unauthorized reuse.

https://learn.microsoft.com/en-us/entra/identity-platform/refresh-tokens

CONNECT Scan to JOIN uses an Azure Application (CONNECT GO), which requires user consent, to access calendar data securely via Microsoft Graph API. The Azure Application consent process is governed by enterprise settings in Microsoft Azure, which an Azure administrator can configure in three different ways:

  1. Do not allow user consent
  2. Allow user consent for apps from verified publishers, for selected permissions
  3. Allow user consent for apps

https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/configure-user-consent?pivots=portal

The CONNECT GO Azure Application can also be deployed by utilizing Admin consent. This will let users log in without individually consenting on their first time.

https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/grant-admin-consent?pivots=portal

The Azure Application ‘CONNECT GO’ is published and verified by ‘Synergy SKY AS’.

The CONNECT GO application utilizes "Calendars.Read" and "User.Read" delegated permissions to populate the user's calendar on their device. This calendar data is held in memory only during the user’s session. Only the user’s profile photo and a hash of their email address are stored, subject to CONNECT’s retention policy of 30 days.

The profile photo and the hash of the email address are stored in an encrypted database using AES-256, and all data in transit between CONNECT, Microsoft 365 and our encrypted database is encrypted using TLS 1.2/1.3 to ensure confidentiality and integrity of the information.

Access requests, usage and statistics are available through native Microsoft Entra logging, providing an audit trail for compliance and security monitoring purposes. These audit materials help detect potential data exfiltration attempts and unauthorized access.

https://learn.microsoft.com/en-us/entra/identity/monitoring-health/concept-audit-logs

 

Meeting Selection.

Once a user chooses a specific meeting, CONNECT GO transmits the necessary information—such as the meeting ID and password—to CONNECT over an encrypted channel. The following metadata is stored in CONNECT when joining a meeting:

  • Meeting Type (E.g. Microsoft Teams, Google Meet, Zoom, Apple FaceTime, SIP-to-SIP)
  • Joining hyperlink for the meeting
  • Meeting ID & Password
  • SIP URI & ID (e.g. Webex dialing information)
  • Video Conference Password (e.g. when different from the native meeting password)

This metadata is stored in an encrypted database using AES-256, and all data in transit to and from the database is encrypted using TLS 1.2/1.3.

Session Termination - Meeting End.

At the end of a meeting, the session is closed, purging all unused calendar information from the service. The selected meeting metadata is retained for 30 days before automatic deletion. Logs are retained for 14 days before automatic deletion. Any unselected meeting information is ephemeral.

 

CONNECT TrueView™ Engage

In CONNECT meetings a mobile phone can be used to interact with the meeting. By scanning a QR code presented on the video system’s monitors, the user’s device gets access to a CONNECT web-page, enabling features such as layout adjustments and participant engagement (e.g., raising hands or sending emojis). These commands traverse secure channels. Interaction information is retained for up to 30 days, aligning with operational requirements for auditing, incident troubleshooting, and customer support.

 

Governance, Risk Management, Compliance


Synergy SKY’s governance, risk management, and compliance activities are anchored by a formal Information Security Management System (ISMS) that underpins CONNECT. These activities encompass a range of policies, frameworks, and processes designed to safeguard data confidentiality, integrity, and availability at every stage of its use.

  • ISO 27001 Alignment. Synergy SKY operates an ISMS conforming to ISO 27001, mapping internal controls to each operational component of CONNECT in order to ensure systematic management of information security risks.
  • Risk Assessments. Periodic risk assessments identify and evaluate threats to the confidentiality, integrity, and availability of data processed by CONNECT. Each identified risk is documented and addressed with clear mitigation strategies that are tracked over time.
  • Policies and Procedures. Formal policies govern data retention, incident response, user access management, and other critical operational areas. These guidelines also detail the handling of encryption keys, token storage, and the secure termination of sessions.
  • Incident Response. Synergy SKY maintains a documented incident response plan that outlines responsibilities, escalation channels, and communication protocols. This plan facilitates rapid detection, containment, and resolution of security incidents, preserving overall service integrity.

 

Monitoring and Continuous Improvement


Monitoring of the CONNECT platform involves comprehensive logging, penetration testing, and vulnerability scans conducted on a regular basis (by a third-party organization) to validate ongoing security measures. System logs capture vital events, including user authentication sessions, calendar queries, and administrative updates, providing the foundation for both real-time alerts and post-event forensic analysis. Where potential weaknesses emerge, Synergy SKY’s internal processes ensure rapid remediation by tracking vulnerabilities through documented workflows that allocate clear responsibilities. In keeping with ISO 27001 principles, the organization also conducts scheduled internal audits and management reviews, which inform a cycle of continuous improvement. These audits validate that security controls remain effective over time and that newly discovered best practices are systematically integrated, thereby preserving a robust and resilient security posture.

 

Conclusion


The security of CONNECT is underpinned by well-defined architecture, thorough data lifecycle management, and robust governance processes. By integrating Microsoft Entra for identity and access control, encrypting data at rest and in transit, and maintaining strict retention policies, Synergy SKY fulfills stringent security and compliance standards. Ongoing risk assessments, vulnerability management, and adherence to ISO 27001 principles reinforce this posture, providing both users and administrators with confidence in the platform’s integrity and resilience.

 

Security Overview


By enforcing strong encryption standards and ISO 27001-aligned policies, Synergy SKY delivers a secure and compliant collaboration experience for enterprise customers.

CONNECT - Gateway

| Security Feature | Implementation |
| --- | --- |
| Authentication | N/A |
| Encryption (in transit) | TLS 1.2 / 1.3 |
| Encryption (at rest) | AES 256 |
| Session security | TLS 1.2 / 1.3 |
| Meeting metadata retention | 30 days after end of scheduled meeting time or last usage of meeting |
| ISO 27001 compliance | Identity Access Management, Encryption, Secure API Calls, and Data Retention Policies |

 

CONNECT - Click to JOIN

| Security Feature | Implementation |
| --- | --- |
| Authentication | Microsoft Entra |
| Encryption (in transit) | TLS 1.2 / 1.3 |
| Encryption (at rest) | AES 256 |
| Session security | Unique, OAuth token expiration |
| Meeting metadata retention | Until end of scheduled meeting time |
| ISO 27001 compliance | Identity Access Management, Encryption, Secure API Calls, and Data Retention Policies |

 

CONNECT - Join by ID

| Security Feature | Implementation |
| --- | --- |
| Authentication | Microsoft Entra |
| Encryption (in transit) | TLS 1.2 / 1.3 |
| Encryption (at rest) | AES 256 |
| Session security | Unique, OAuth token expiration |
| Meeting metadata retention | No storage |
| ISO 27001 compliance | Identity Access Management, Encryption, Secure API Calls, and Data Retention Policies |

 

CONNECT - Scan to JOIN

| Security Feature | Implementation |
| --- | --- |
| Authentication | Microsoft Entra |
| Encryption (in transit) | TLS 1.2 / 1.3 |
| Encryption (at rest) | AES 256 |
| Session security | Unique, expiring QR codes and OAuth token expiration |
| Meeting metadata retention | No storage |
| ISO 27001 compliance | Identity Access Management, Encryption, Secure API Calls, and Data Retention Policies |


"Synergy SKY enables us to use a variety of platforms such as Zoom, Webex, and Teams to communicate with patients as well as other departments."
David Flax, Director of IT, University of Maryland School of Medicine.

 


"Synergy SKY works for both Telemedicine and Videoconference"

David Flax
Director of IT, University of Maryland School of Medicine.