Guarantee safety, availability and integrity of your IS and data.
Verifdiploma's cybersecurity guarantees in a brief summary
Top priority given to cyber security
Security Council made up of international experts
Cyber security monitoring of all our teams
Review of all internal and external collaborators
Continuous training and upgrading programme
Screening of information systems security
Securing all accesses
Time-limited complex password strategy
Validation at two levels for each session
Access to encrypted documents (diploma, identity document...)
Regular access and log audits
Permanent protection of all data
Secure dedicated servers based in France (OVH)
SSL certificates for data exchanges
Transmission via https protocol
Daily and audited backups
Duplicate backups on multiple servers
Programming of breach simulation exercises
Security control of all operations
Implementation of a business continuity plan
Planning a reversibility plan
Quality monitoring by the Quality Assurance team
Management of any information security incident
Definition of responsibilities and assignment of roles
Establishment of an incident management committee
Definition of reporting and alert procedures
Planning a regularly tested continuity plan
A verifdiplomagroup philosophy for a steady improvement
Planning regular internal and external audits
Verifdiploma's cybersecurity commitments in detail
In general terms
To implement the skills and technical and organisational measures necessary and at least in accordance with the state-of-the-art, to ensure the security of the clients’ Data and client's information system in all its components (availability, integrity - by protecting them from any infringement, in particular modification or destruction -, confidentiality with regard to unauthorised third parties, traceability of all the processing performed and authentication of all the persons having performed)
Maintain a level of expertise in information systems security that is fully compliant with the state-of-the-art, and at least sufficient for the execution of the services
Provide proof of this level of skills and organisational and technological mastery on first request by producing any recognised qualification, authorisation, or certification.
Inform the client of the evolution of this level of skills and organisational and technological mastery
Designate a security officer to ensure the level of security
Security of infrastructure and services
Guarantee a level of infrastructure and service security that is fully compliant with the state-of-the-art, particularly the ISO 27001 standards, and that is at least sufficient for the execution of the services; the level of security provided must therefore comply with its information systems security policy ("ISSP") and its application documents
Provide the client with all necessary information concerning the security of the processing it implements and/or the infrastructure it provides so that the client can assess the robustness of the architecture and operational procedures regarding its security objectives, the known weaknesses, and residual risks, and identify the additional devices to be put in place
Inform the Client of any change in its security context (e.g., change of storage location for servers and backup servers, change of technology, change of ownership, etc.).
Install security software (anti-virus, etc.) on all systems enabling the provision of services and keep them up to date by applying the latest signatures published by the publishers to protect the client against any introduction of malicious software into the client's information system or data. If, despite these precautions, a malicious program is introduced into the client's information systems or data, the costs of diagnosis and restoration shall be charged to the service provider, unless he demonstrates his total absence of responsibility for this introduction. Despite these precautions, if such a malicious program is introduced into the customer's information system or data, the customer and verifdiploma shall cooperate to determine the origin, consequences, and remediation options. Should it become apparent that the introduction of the malware is solely the responsibility of the customer, the customer shall bear the costs of diagnosis and remediation. If the Provider is responsible for the introduction of the malware, the Provider shall bear the costs of diagnosis and remediation
To regularly perform all appropriate tests and to check in advance the IT elements made available to the client or used by verifdiploma
Implementing all technical and organisational physical security measures for prevention, detection and reaction to any security risk (e.g. hacking) that may affect the buildings, server rooms, technical premises and storage areas used by the service used by the client
Provide a regular report on the risks covered and the remedial actions taken.
Organise a periodic safety committee in the presence of a client representative, during which the service provider's safety manager will review the safety risks identified and the associated safety measures taken.
Logical access control
Take all state-of-the-art, security measures regarding logical access control.
Keep a time-stamped record of the actions performed in its information system (particularly flows sent and received, new application versions, tests, errors, de-duplications, and purges, etc.) for control, audit, and evidence purposes
To keep available to the client a secure event log containing the traces of connection to the data and of the operations carried out by the authorised users and verifdiploma and, if necessary, by any other person, for a period of one year from the recording of each of these traces
Vouch for its staff and any subcontractors.
Use a data backup and service continuity system. In any case, verifdiploma ensures the backup of the information it processes in its information system and allows the restoration of the service and the data at any time. The policies, procedures and measures taken by verifdiploma concerning back-up detail in particular the responsibilities, frequency, storage conditions, access, and restoration processes as well as the control processes. These are specified and communicated to the client prior to the implementation of the services.
Prevention and management of vulnerabilities
All services provided or made accessible to the client are, upon signature of the service agreement, free of any vulnerabilities that could affect the security of the client's data or information system and of which the client has not been specifically informed in advance by means of a risk assessment
As soon as a new vulnerability has been identified by verifdiploma, the client, their subcontractors, any third party addressing one of them, or via public information, shall close this vulnerability or implement any other solution to this end that does not impact the price, performance, operation of the services, or security of the client's data and information system.
Prevention and management of security events and incidents
Establish and enforce a strict policy for security event management, security event qualification and security incident management as defined in the latest version of ISO 27001 and any current or future security standards that may be specific to the client's business
Alert the client immediately when a security incident that may affect the client's data, its information system, its infrastructure, its network or any other system that may even indirectly impact the services provided to the client (partitioning, access, hacking, loss of integrity, loss of data, etc.) has been detected or brought to its attention, or upon receipt of any complaint addressed to it by any individual concerned by the processing of the said data
Assist the client, free of charge, in the implementation of any action to deal with the security incident, including notification to the competent authorities and to the persons concerned by the breaches.
In this context :
- Assisting the client during any legal, judicial or regulatory formalities
- Providing all the information useful to the client in assessing the extent of the security incident and enabling it to communicate with its own clients
- Specifying without delay the backup and remediation procedures used in the management of these incidents, as well as their impact on the protection of the information system and the security of the data
To authorise the client, or any other service provider chosen by the client, if it is not a direct competitor of the service provider, to perform, monthly, infrastructure audits, application vulnerability audits or intrusion tests on the information systems enabling the provision of services, such as particularly the companies hosting all or part of the service provider's system
To hold the necessary and sufficient rights and authorisations to perform the said tests and audits on the information systems which are the subject of this obligation. If the results of these audits and intrusion tests demonstrate any breach in the security of the infrastructure and of any element necessary for the provision of the services, verifdiploma undertakes to take any useful corrective measures as soon as possible.
Business Continuity Plan (BCP)
Have a BCP which verifdiploma is committed to maintaining for the duration of the service to ensure continuity of service.
Keep this BCP up to date and test it regularly at its own expense.
Provide a copy of its most up to date BCP and latest tests to the customer upon request
Our proprietary technology to promote all candidates and their skills