Security means a more reliable application

Our commitment is to consolidate the trust of all parties we work with (users, partners, suppliers etc.), and to protect sensitive data.

Our information security management system (ISMS) covers all business-critical processes that are essential to the security of data linked to our software application. This system complies with the ISO/IEC 27001:2013 standard and its implementation complies with the requirements of our October 2018 Statement of Applicability.

12 specific areas and basic principles are applied in the field of data protection, to minimize the risks of security breaches related to the processing of information, and the impact on the business of any consequent damage.

1. Definition and communication of information security policies, standards and procedures

Actia implements specific policies, standards and procedures that form the basis of data protection. These documents are made available to all internal and external staff, who are required to adhere to them.
As part of our business activities, our Quality and Security Manual and Statement of Applicability may be shared.

2. Organization of data protection

All internal and external staff must be attentive to data protection. Market-IP assigns specific roles and responsibilities in order to achieve effective and consistent management of data protection processes.

3. Human resources data security, asset management

Actia requires compliance with these procedures and standards when a new internal staff member or consultant is employed, to ensure data protection practice is consistent. Each employee or user of the IT infrastructure must be aware of the main risks and vulnerabilities that could jeopardize the information, and of the data protection rules and responsibilities to which they are subject as part of their work. They must also have appropriate training that enables them to use the information systems they have access to in a safe and efficient manner.
Actia also ensures the organization’s interests are protected in the event of contract amendment or termination.

4. Classification, management and access control

Actia establishes an inventory and classification of sensitive IT assets and appoints an owner responsible for approving access and identifying business impact, and for audits of the IT assets in their possession.
Actia applies physical and logical access controls to all IT assets and resources, to ensure that access is based on genuine need and according to the specification of each internal employee or external consultant. The owner of the IT assets has responsibility for access rights. Certain rights require approval from senior management.

5. Cryptography

Cryptography is implemented at the access level: access is encrypted using HTTPS (SSL) and FTPS. Box communications pass through a private and secure APN. Some boxes, depending on the model, can be encrypted by activating an option.

6. Physical and environmental security

Actia takes the necessary physical protection measures to prevent unauthorized access, damage and disruption to buildings, including IT resources (particularly data and information systems).

7. Management of operating system security

Market-IP maintains a repository of IT policy documents and appropriate procedures and applies these through the various management activities and through use of the information systems, particularly changes and incidents affecting the systems. Separation of roles prevents a staff member from having all access rights and privileges for performing critical operations.
An appropriate information systems management process is put in place, including safeguards and provisions for technical development and for incident handling.

  • Development, production and testing environments are separated to reduce unauthorized access.
  • Automatic back-up systems are in place.
  • A monitoring system monitors the availability of information and sends notifications of technical events and vulnerabilities.
  • An incident management process identifies incidents and enables controlled management.

 

8. Information security

In addition to the control measures taken regarding physical and logical access, an information protection policy covers the classification of information and issues around confidentiality.
Communications security is central to the security policy and is covered in several points, such as access management, employment contract, etc.

9. Development and maintenance

Protection requirements exist for each of our processes and are defined in collaboration with the information security department before any development or substantial change to information systems involving risks. Depending on the classification of the data, the potential risks and their impact (risk analysis), mitigation measures are implemented to reduce the risks to an acceptable level.

10. Supplier relationships

Actia ensures sensitive data is protected in its supplier relationships.

11. Business continuity / information security plan

Actia develops and maintains emergency procedures to ensure the continuity of its information systems and services, according to specific requirements and potential risks. These plans enable Actia to continue its activities and ensure that critical processes, systems, networks and equipment can continue to operate. They guarantee that enough staff are always available to resolve all critical problems within the allotted time.

12. Compliance

Actia ensures that information security measures comply with external legislation and with internal requirements.

Certification accredits our level of oversight of our processes, and guarantees to our customers the highest standards of protection of sensitive data.