Your security is our priority
For us, nothing is more important than confidentiality and data security. Especially when they are yours.
Security
For Atolia, your data security is our priority, just as much as your collaborators’ data. This is the reason why we have installed 50 security measures : data hosting, specific development, audits, activity follow up plans and also physical security of our offices.
Availability
Every single piece of data you share with us is saved and duplicated on three different sites within France. That way if there is a problem, your data is automatically switched to one of the other hostings, guaranteeing you maximum availability of your data.
Confidentiality
The access to your account is done in the most secure way thanks to our different protection mechanisms. Your data is encrypted at all times from the moment it leaves your computer to the arrival at our hosting service.
Integrity
To guarantee an undefeatable integrity, we protect access to documents, online as well as through internal communication. Plus, we back up your data on the daily and regularly train to be able to restore any type of lost data.
Human resources
Verification of search history and previous suspicious history for any collaborator.
We regularly train our employees with security courses and every security policy is being reviewed each trimester.
When you sign up to Atolia, or even if you are just a guest, you will be asked to sign a security chart and a confidentiality agreement.
Before each internal project or specific development, a RACI matrix is created to define roles and responsibilities of each of the team members.
Our office devices used by our team are all protected : automatic lockup, complex passwords, access control, updates, firewalls, virus protection and encryption of our hard drives.
Physical security
To enter our offices and headquarters, you have to go through 3 doors, all protected and unlockable with individual badges.
Access to our offices is activated for 30 days.
24/7 security cameras are keeping an eye on our offices, and an alarm is ready to alert us if anything happens.
Every guest’s visit is being recorded and noted down.
Paper documents are being kept and stored in a locked safe.
Our infrastructure
Our headquarters and physical servers are hosted in France at Outscale Dassault Systemes) and are certified ISO27001, ISO27017, ISO27018 and SecNumCloud by ANSSI.
The Private Cloud offers a dedicated environment for each subscriber and an option to filter by IP address.
Infrastructures for development, for testing and production are strictly different and separated.
Atolia’s digital network is isolated from the rest of the Internet. The only point of access to the public is exposed through a firewall containing access rules.
Data
Our data is exclusively hosted in France, on three different sites.
Guests and collaborator’s access are authorized through a VPN and a double-authentication factor (2FA).
All the data is encrypted as AES-256 during the transmission as well as while it is being stored.
A backup of all our data is organized, plus a restoration practice is done on a daily basis.
All the data is being transmitted only thanks to the TLS/SSL protocol. Thanks to SSL Labs for giving Atolia’s certificates an A+ grade.
Activity reports
Access to our systems, as well as any alteration to data are archived into our activity reports.
Every technical event coming from the systems is identified and archived separately. Errors and technical issues are notified in real time to our teams.
Access to the activity report by guest is only authorized via a VPN and a double-authentication factor (2FA).
Activity reports are kept, saved and stored for a full year.
Secure development
Each software development has been reviewed by multiple engineers.
SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) tools are used to scan our coding and applications.
Every third-party software we use is being analyzed prior to use by our engineers and developers.
Access keys and tokens to development are different from the production ones.
Certificates
A few different measures have been taken to be in alignment to the GDPR law. Have a read at our dedicated page.
Payments through Atolia are safe and go through a PCI DSS certified third-party.
Outscale (Dassault Systemes) hosting services are certified ISO27001, ISO 27017 and ISO27018.
For more transparency on how we proceed, we are working towards getting the ISO27001 certification.