Data Protection

Special procedures for continuity of services and business recovery(called "resilience") that are activated when a risk occurs and causes damages.

This policy is monitored and measured continuously. 

It is certified each year by two certifications: 

• ISO 9001-2015 certification IAF33 "Datacenter, Hosting and Housing"which reviews our operating procedures, our quality plan, and the measures taken to address the threats.
• PCI DSS Level 1 certification, chapters 9 and 12, which evaluates:
• Our procedures for physical protection of the equipment, data protection, and resilience
• Our general information security policy and its sharing by all staff

• The ISO / IEC 27001: 2017 certification "Design, supply and management of data center hosting and hosting services and processing of personal and health data" which examines:
• Our ISMS (Information Security Management System)
• Our procedures for continuous improvement of Information Security
• The HDS certification: 2018 Hosting Health Data, both as a hosting and outsourcing provider. The certification covers:
• The physical building that hosts the data
• The hardware infrastructure that hosts the data
• The platform that makes it possible to use the data
• The Information Security Management System and more precisely the procedures that allow us to manage the data

ISO9001 Certificate

PCI-DSS Certificate

ISO 27001 Certificate

Health Data Hosting Certificate

As a data hosting provider, the European regulation assigns us a role of data "processor" supplier, subcontractor of the customer who remains the owner and "controller of the processing" that he applies to his data.

This means that our customers should establish a mapping of personal data that they collect, store, process and render. A register must be kept up-to-date to attest to the traceability of the transactions. All processes for the processing of personal data must be designed from the beginning according to a principle of "privacy by design" which allows to respect this regulation.

For our part, we must be able to attest at any time that our information security policy also complies with this regulation. For example, we need to know exactly where the data are hosted and we need to know how to detail at any time our data protection, resilience and reversibility procedures.

The "Tier 4" level of protection of our main datacenter in Sophia Antipolis and the security procedures set up at TAS, in particular for our certifications, are aligned with the requirements of this regulation, as for our role. 

However, the sharing of responsibilities with our customers "data processing controllers" remains a constant point of awareness, especially when we provide the administration of the outsourced servers. The protection of data is a permanent job, which cannot be decreed once and for all, especially given the human errors that can occur even in highly automated processes.

Our hosting services are formalized by personalized contracts that take into account the particular context of each customer.

Datasheet GDPR

We use the best solutions on the market, such as Asigra Cloud Backup for example, to save and rebuild your data in all circumstances, whatever the platform and the operating system on which you use your data: physical server, virtual, container, workstation, tablet, smartphone.

Our solutions also make it possible to include the backup of data not stored at TAS, for example on remote servers or mobile devices.

Our most sensitive and demanding customers require a very high speed and very high availability services in all circumstances, 24/7, 365 days a year.

In this case we build multi-server and multi-site architectures with a level of redundancy allowing users to continue normal business, without significant service interruption, even when a major incident occurs on their network.

Data Protection: Asigra Case Study

TAS France Risk Assessment