Data Protection

Security

Data protection is at the core of our business. Our security policy is organized in 4 main dimensions:

Physical security: tools and procedures that physically protect equipment against exogenous risks to which they may be exposed.

Logical security: tools and procedures that protect the data that circulates through and is stored on the devices, and that protect the software that activates functions to exploit the data.

Operating procedures: the modelling of all our production activities and our SLA.

Special procedures for continuity of services and business recovery (called "resilience") that are activated when a risk occurs and causes damage.

This policy is monitored and measured continuously. 

It is certified each year by two certifications: 

  • ISO 9001:2015 certification IAF33 "Datacenter, Hosting and Housing", which reviews our operating procedures, our quality plan, and the measures taken to address the threats.
  • PCI DSS Level 1 certification, chapters 9 and 12, which evaluates:
    • Our procedures for physical protection of the equipment, data protection, and resilience
    • Our general information security policy and its sharing by all staff
  • The ISO/IEC 27001:2017 certification "Design, supply and management of data center hosting and hosting services and processing of personal and health data", which examines:
    • Our ISMS (Information Security Management System)
    • Our procedures for continuous improvement of Information Security
  • The HDS certification: 2018 Hosting Health Data, as both a hosting and an outsourcing provider. The certification covers:
    • The physical building that hosts the data
    • The hardware infrastructure that hosts the data
    • The platform that makes it possible to use the data
    • The Information Security Management System and more precisely the procedures that allow us to manage the data


GDPR

The General Data Protection Regulation is a European Community regulation which applies as is throughout Europe. It concerns the protection of European citizens' data, whether the operators concerned are in Europe or elsewhere in the world.

The operators concerned are all organizations that, at any point in their process, collect, store, process and return personal data, whether that data has remained on paper or has been digitalized. It is immediately clear that all companies, big and small, are concerned.

Because we are a data hosting provider, the European regulation assigns us the role of data "processor": a supplier and subcontractor of the customer, who remains the owner of the data and the "controller of the processing" that he applies to it.

This means that our customers should establish a mapping of the personal data that they collect, store, process and render. A register must be kept up to date to attest to the traceability of the transactions. All processes for the processing of personal data must be designed from the beginning according to a principle of "privacy by design", which makes it possible to comply with this regulation.

For our part, we must be able to attest at any time that our information security policy also complies with this regulation. For example, we need to know exactly where the data is hosted, and we need to be able to detail at any time our data protection, resilience and reversibility procedures.

The "Tier 4" level of protection of our main datacenter in Sophia Antipolis and the security procedures set up at TAS, in particular for our certifications, are aligned with the requirements of this regulation as far as our role is concerned.

However, the sharing of responsibilities with our customers, the "data processing controllers", remains a point of constant attention, especially when we provide the administration of the outsourced servers. The protection of data is a permanent job, which cannot be decreed once and for all, especially given the human errors that can occur even in highly automated processes.

Our hosting services are formalized by personalized contracts that take into account the particular context of each customer.


Backups - PRA - PCA

We systematically offer our customers backup and restore procedures for the data we host.

Our backup solutions also make it possible to bring into scope data that is not hosted by us, for example data on remote servers or mobile devices.

In any case, we encourage our customers to define a backup policy (data criticality, backup frequency, backup location, data retention, acceptable restoration times, etc.) and to define their level of requirement for business continuity in the event of a disaster.

We use the best solutions on the market, such as Asigra Cloud Backup for example, to save and rebuild your data in all circumstances, whatever the platform and the operating system on which you use your data: physical server, virtual, container, workstation, tablet, smartphone.

Our solutions also make it possible to include the backup of data not stored at TAS, for example on remote servers or mobile devices.

Our most sensitive and demanding customers require very high-speed and very high-availability services in all circumstances, 24/7, 365 days a year.

In this case, we build multi-server and multi-site architectures with a level of redundancy that allows users to continue normal business, without significant service interruption, even when a major incident occurs on their network.

 
