Security
This page describes in detail the technical and organizational measures implemented by Iopole to protect personal data and guarantee the security of its customers' information.
As part of its secure transmission of electronic invoices, Iopole has taken security measures at various levels.
Iopole implements appropriate security measures to protect personal data against various risks, taking into account technological advances.
Measures include access control, physical security, and incident management, guaranteeing a level of security commensurate with the risks. These measures evolve with technical progress to maintain an optimal overall level of security.
Measures we’ve put in place
Customer data
Redundancy of its servers in separate geographical zones.
Regular backups of all the data you entrust to us, including unalterable archives of these backups.
A particular focus on security, both in terms of production infrastructure and workstations, development methods and in-house tools and software.
All security measures are implemented and strictly controlled as part of its ISO 27001 certification. These measures include strict access control, encryption of all communications on internal and external networks, systematic encryption of secret information and customer data at rest, and regular security audits and tests by external service providers.
Vulnerability management
Vulnerability management is based on a dedicated policy for classifying and historizing vulnerabilities, with weekly updates of workstations. Dependencies are analyzed via automated scans, blocking insecure deployments. A weekly security watch is performed to detect new vulnerabilities.
Privacy and personally identifiable information
This text sets out measures for the protection of personally identifiable information, including data collection, storage and management.
- The collection of PII is limited to essential business needs and requires a legal basis for sensitive data.
- PII is stored on secure systems with access restricted according to the principle of least privilege.
- In the event of a data breach, a notification procedure is put in place and employees are trained in the protection of PII.
- PII is kept only for as long as necessary, and securely deleted after this period.
Relations with subcontractors
Iopole imposes strict security requirements on its subcontractors, including up-to-date ISO 27001 certification**, and annually assesses the criticality of suppliers according to their dependence and access to the information system. Each subcontractor is required to comply with personal data protection standards by means of a subcontracting agreement.
List of Subcontractors Involved in the Processing of Personal Data
| NAME OF SUBCONTRACTORS | ACTIONS PERFORMED ON THE DATA | SERVER LOCATION | MEASURES TO COVER THE TRANSFER (if applicable) |
|---|---|---|---|
| OVHCloud | Data hosting and management | France | N/A |
| Microsoft | Cloud services, email management, productivity | France | N/A |
| Atlassian | Project management and collaboration | EU | N/A |
| Namirial | Electronic signature services | EU | N/A |
| MailJet | Sending marketing and transactional emails | EU | N/A |
| UpTime | Availability monitoring and management | EU Probes and US Data | Limited to retaining email addresses only |
| Yousign | Electronic document signing | EU | N/A |
| Xelians | Archiving with probative value | EU | N/A |
| Hubspot | Customer relationship management, marketing automation | Germany | N/A |
| Axonaut | Business management, invoicing, project management | EU | N/A |
| Leexi | Using artificial intelligence for transcribing and analyzing customer calls | Belgium | N/A |
| Hunter | Email search and verification | EU | N/A |
Want to know more?
Find out more about our technical and organizational measures