Security and Regulatory Compliance

We are committed to maintaining the highest standards of cybersecurity.

 

On this page, you’ll find detailed information about our security practices, including certifications, compliance with industry standards, and the controls we have in place to protect your data.

As part of our commitment, we are ISO 27001:2022 certified, the latest international standard for Information Security Management Systems (ISMS), ensuring data integrity, confidentiality, and privacy. We are also HDS 2022 certified, in compliance with the General Data Protection Regulation (GDPR) and French public health law, for the secure hosting and processing of personal health data (Hébergeur de Données de Santé).

Transparency and trust are at the core of our approach – because your data’s security is our responsibility.

Certifications

Controls

Principle of least privilege — access is restricted to authorized personnel only, based on role.

MFA is enforced on all sensitive systems including cloud environments and patient data platforms.

All data is encrypted at rest and in transit.

CVE (Common Vulnerabilities and Exposures) scans run weekly via automated workflows. Patching is completed within the defined SLA (Service Level Agreement), based on severity.

Sentry and SIEM (Security Information and Event Management) tools are in place. Suspicious activities trigger alerts.

Third-party vendors undergo security assessments where compliance with ISO 27001 and HDS is evaluated.

Mandatory training is conducted semi-annually, and completion is tracked and enforced.

Data is stored on HDS-certified cloud providers.

Biological records are segmented per client, with audit trails active and immutable.