The data you entrust to us are extremely precious: we guarantee their security, confidentiality, availability and integrity.
What security measures do we put in place to protect your data?
Securing IT equipment:
- Implementation of an automatic session lock
- Disk encryption
- Anti-virus protection
- Installation of firewalls
Network and database security:
- Implementation of VPN solutions to ensure an encrypted and secure connection to the network and increased data protection
- Implementation of complex passwords with a requirement to change them periodically
- Strict separation of development, test and production environments
Securing the code:
- Strictly controlled access to source code, with systematic peer review when merging new code
- Software-as-a-Service training of our employees: Equify members are regularly trained in, and made aware of, confidentiality and data security.
How do we ensure the confidentiality of your data?
Awareness and empowerment of our teams:
- Systematic background checks of candidates
- Signature of a confidentiality agreement and adherence to our security and confidentiality charter by all of our members
- Access to customer data limited to members who can show a need for it in view of their mission
Data encryption:
- Encryption of all data, including backups, both during transmission and during storage (AES-256 algorithm)
- Anonymisation of sensitive data
How do we guarantee the availability of your data?
Hosting of your data:
- All data, including backups, is hosted in France
- Data replication across multiple data centers to ensure its durability and accessibility in the event of a disaster.
Database backup:
- The database undergoes a daily backup and test
- Continuous replication of all data on 2 nodes for databases and 3 nodes for storage on AWS S3.
Each node is hosted in a specific data center, geographically separated from the others.
=> In the event of an incident in a data center, the data stored there is automatically replicated in the other data centers
How do we protect your data from any alteration?
Access security:
- Mandatory authentication of users by email and password (controlled by a strict policy)
- Recording of logins and login attempts to detect possible fraudulent use of accounts
- Internal data access reserved for duly authorised employees, through a VPN
Traceability of system access and data modification:
- Implementation of audit logs to identify and archive any access to systems, as well as any access to and modification of data on these systems
- Separate identification and archiving of all technical system events, such as errors
- Automatic replication of logs 3 times in 3 remote data centers in France (AWS servers, ISO 27001 certified), automatically switching from one to the other in the event of an incident
- Retention of audit logs set at one year