Security Policy
At BIBLIOTECHA INC., we are committed to maintaining the highest level of security for our LabelSync
addon.
We understand the importance of ensuring the confidentiality, integrity,
and availability of your data, and we take the responsibility of safeguarding it
seriously.
The general approach towards security is following EBIOS methodology (the main method used in
France)
The approach to prevent unauthorized access of our customer data are based on the
following principles:
Risk Sources
3 main risk sources are taken care of:
- Internal individuals: Employees and Contractors
- External individuals: Providers, Competitors, Authorized Third Parties…
- Non-human sources: Viruses, Natural Disasters, Flammable Materials…
Assets
Our data is
exclusively hosted on secure servers provided by Google Cloud, and we never allow data to
transit on any other types of hardware. We use secured databases and password protection
inside the network, and only managers and team leaders have full access to live data. Our
database and gateway passwords are secured in a hard-encrypted file that is stored on a
separate server and is used only once by the live server at each deployment.
Hardware
Data is exclusively hosted on secured servers, provided by Google Cloud (Google Compute Platform Infrastructure) and data does never transit on other types of hardwares (USB, CDs, mobile phones, local computers etc..).
Databases
Databases hosting our customers’ data are secured and
password protected inside the network. Only managers/team leaders have full to the live
data. Developers work on staging data and do not have the possibility to access live
data.
Database and gateways
passwords are secured in a hard-encryption file that is stored on a separate server and
that is used once by live server at each deployment.
Softwares
We use a minimal number of third-party tools, such as Mongo DB and Zabbix, and each installation of new software undergoes a strict security clearance, including screening for trojans or spyware. Only users who require access to these tools have credentials and authorization to use them.
Network
Our network is exclusively web-based on Google architecture, and we have one employee
assigned full-time to security management and access permissions.
Infrastructure access,
such as FTP, is protected by 4 levels of restrictions:
- Google Account approval (only approved Google email IDs can access)
- 2-step authentication of the Google account.
- IP addresses : Only a set of whiltlisted IP addresses. Work from Home users have to communicate their IP address every day.
- An additional 2-step in-house authentication system using the Time-based One-time Password Algorithm (TOTP) and HMAC-based One-time Password algorithm (HOTP).
- Measures are also in place to prevent DDoS or SQL injections.
- Our employees are trained to avoid phishing or “cloud-based” viruses (that would require them to log in to their Google account to open a file, for example)
People
- All employees and contractors are screened before hire, and they sign an NDA and are regularly reminded of the security and privacy measures and the risks and penalties related to data breaches.
- The number of users accessing customer data is strictly limited to security and management staff.
- development and support teams can impersonate users and access their contacts for troubleshooting and support purposes only.
- All activity on servers and platforms is logged and monitored, and any abnormal activity will be immediately detected and investigated.