Technical and Organizational Measures – Illizeo

In accordance with Article 32 of the General Data Protection Regulation (GDPR)

General Considerations

In the context of the contractual relationship between Illizeo (as processor within the meaning of Article 4.8 of the GDPR) and its clients (data controllers within the meaning of Article 4.7), each party has the responsibility to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of the GDPR.

Illizeo takes into account the state of the art, implementation costs, the nature, scope, context and purposes of processing, and the risks to the rights and freedoms of data subjects, to determine and maintain the highest possible levels of protection.

Illizeo is in the process of ISO/IEC 27001 certification and strictly adheres to international information security standards. Illizeo also commits to aligning with the recommendations of the EDPB (European Data Protection Board) regarding supplementary measures (cf. Schrems II judgment – CJEU).

The following sections detail the concrete measures implemented.

Detailed Technical and Organizational Measures

Organizational Controls – Illizeo

Internal governance and official directives

Illizeo’s information security and personal data protection policy is based on a robust, formalized and regularly updated documentary framework. This includes in particular:

An Information Security Policy (ISP) defining the responsibilities, principles, and control mechanisms applicable to all processing activities.

A Personal Data Protection Policy, applicable to all employees and service providers.

Specific procedures addressing concrete use cases such as:

These documents are binding, validated by General Management, and made available in an auditable internal repository. Adherence to these policies is a prerequisite for any operational activity.

Formal designation of a Data Protection Officer (DPO)

Illizeo has appointed an external and independent DPO, in compliance with Article 37 of the GDPR. The DPO:

The DPO’s contact details are available in contractual documents and on Illizeo’s official website.

Confidentiality commitment and third-party compliance

All Illizeo employees sign, at the time of signing their contract or at the latest during their onboarding, a formal contractual commitment to confidentiality and respect for data protection legislation. This commitment complies with the requirements of Articles 5 and 32 of the GDPR and:

Training, awareness and security culture

Each employee benefits from:

Onboarding training dedicated to data protection and IT security upon arrival;

Mandatory annual awareness sessions covering:

An evaluation quiz is integrated into these training sessions to ensure assimilation of best practices. Results are tracked for auditability.

Strictly professional use of equipment and digital tools

Illizeo imposes strict separation between private sphere and professional use:

Each employee signs an IT charter that formalizes these obligations upon arrival.

Personnel security throughout the HR lifecycle

Illizeo applies rigorous security management related to human resources at each stage:

Before hiring:

During employment:

In case of non-compliance:

At departure (offboarding):

The entire onboarding and offboarding process is documented, tracked, and verifiable in the HR and ITSM tools used by Illizeo.

Technical Controls

Security of corporate IT equipment

Illizeo applies rigorous standards to ensure the protection of its workstations and IT equipment, considered critical points of exposure to threats.

Each employee works exclusively on a professional laptop provided and administered by Illizeo, equipped with:

Security updates are deployed automatically in near real-time via a secure pipeline (CI/CD IT).

Using the equipment without the active security agent is technically impossible. Any attempt to disable or bypass the agent triggers an automatic alert to the Security team.

No local administrator account is authorized on the user side. Any privilege elevation requires temporary validation from the IT team.

Infrastructure security and server monitoring

Illizeo’s technical infrastructure runs in a secure cloud environment, relies on ISO 27001 certified European providers, and is structured around the following principles:

Each server instance is protected by a host-based intrusion detection system (HIDS), capable of:

Behavioral and heuristic correlation mechanisms identify execution of non-compliant binaries, vulnerable libraries, or exploitation attempts.

In case of threat detection, an immediate alert is transmitted to Security teams via an automated notification system.

All supervision, detection and remediation actions are based on certified tools maintained by internal experts, with complete logging of critical events.

Network security and connectivity

Illizeo’s network policy is based on a Zero Trust approach, combined with compartmentalization, filtering and conditional access mechanisms:

Servers are:

Network Access Control List (NACL) rules are applied according to service roles. No port is exposed without documented technical justification.

Network monitoring is based on IDS/IPS solutions coupled with a continuously updated Threat Intelligence platform.

Encryption of personal data

Key management

Illizeo applies state-of-the-art cryptographic procedures to guarantee the security, integrity and availability of encryption keys used in the processing of personal data.

Keys are generated, stored and managed via a Key Management System (KMS) solution integrated into Illizeo’s cloud services, while remaining entirely owned and administered by Illizeo’s teams.

The key lifecycle (generation, rotation, revocation) is governed by documented internal procedures, with automated periodic rotation.

All accesses to the key management system are logged, analyzed in real-time and subject to strict role-based access controls (RBAC).

In case of anomaly or non-compliant access, an automatic alert mechanism immediately notifies Security teams for rapid analysis and remediation.

Database and storage encryption (Data at rest)

Personal data stored in Illizeo’s systems benefits from systematic and robust encryption at rest:

Encryption of data in transit

All personal data transfers, whether internal or external, are carried out via encrypted communication channels, according to the strictest standards:

Data media and terminals

The management of physical data media is based on strict restrictions and a reinforced security policy:

Encrypted exchange of files and communications

File and message transmission mechanisms between Illizeo and its clients are designed to guarantee data confidentiality and non-alteration:

Data deletion

Secure deletion of personal data is an essential step in the lifecycle of processing operations carried out by Illizeo. It aims to ensure that data is neither kept beyond the necessary duration, nor accessible after expiration of the contractual relationship, in accordance with the requirements of Articles 5 and 32 of the GDPR.

Deletion of data in information systems (IS)

Upon termination or expiration of the contract between Illizeo and its client, personal data processed in the various application modules (HR, payroll, onboarding, etc.) is kept for a grace period of 30 days from the effective closing date.

After this period, all relevant services and databases automatically trigger a definitive deletion process, governed by strict rules (logical purge, physical deletion, index cleaning).

If a system does not allow automated deletion, a documented manual intervention is carried out by authorized teams, based on a workflow validated by Technical Management and the DPO.

Proof of deletion (timestamped log) is generated and archived for internal audit and possible inspection by authorities.

Deletion of data on physical and digital media (Data Carriers)

All data potentially stored on physical media (hard drives, SSDs, laptops, etc.) is irreversibly destroyed via a specialized third-party service provider, certified for secure media management.

This provider operates from its own destruction units compliant with European standards, and uses data deletion software compliant with the following standards:

The process includes multiple erasure of memory blocks, with controlled overwriting, then shredding or physical destruction of the media, as appropriate.

Deletion of data on printed documents

As a principle, printing documents containing personal data is strongly discouraged and restricted to exceptional cases, subject to justification.

When printing is performed (for example, for signature or occasional administrative use), the document is kept in a secure location, then destroyed as soon as it is no longer strictly necessary.

Destruction is done by:

The objective is to ensure that no information can be reconstructed or exploited later, even by advanced technical means.

Physical Controls

Physical protection of Illizeo’s facilities is an essential component of its overall security strategy. It aims to prevent any unauthorized access to sensitive areas where personal or confidential data is potentially processed or stored.

Electronic access security for premises

All Illizeo premises are permanently locked and equipped with a centralized electronic access control system.

Opening doors is conditional on the use of an electronic key or personal nominative badge, associated with a unique identifier.

Access is timestamped and tracked in a supervision register, operated by facility management teams.

Allocation and centralized management of access keys

Distribution of badges or access keys is strictly governed by a centralized physical authorization management process.

Each badge is:

Regular reviews are conducted to verify the consistency of physical access rights (quarterly authorization review).

Visitor supervision and external contractor accompaniment

No external person (service provider, client, visitor, delivery person) is authorized to circulate freely in Illizeo’s premises.

Access to offices necessarily requires:

Sensitive zone control (differentiated physical access)

Illizeo premises are segmented into security zones according to their criticality level:

Protection measures include:

Visitor management and delivery procedures

Visits are formally recorded, with entry/exit traceability, and visitors wear a “VISITOR” badge.

Parcels and deliveries are received in a secure buffer zone, out of reach of internal work areas.

No direct delivery to internal spaces is authorized without supervision.

“Clear Desk” and “Clear Screen” policy

Illizeo applies a strict clear desk and clear screen policy to reduce the risk of unintentional data exposure:

Random internal checks are carried out to ensure compliance with this policy, particularly in open spaces and meeting rooms.

Access Controls – Authentication

Access to Illizeo’s information systems, as well as to the personal data they process, is based on a robust authentication architecture, designed to minimize the risks of unauthorized access, account compromise or internal drift.

Enhanced authentication mechanisms

All internal platforms and systems at Illizeo are protected by a centralized single sign-on (SSO) solution, which allows unified identity control.

Authentication is supplemented by mandatory multi-factor authentication (MFA), which combines:

High-privilege systems (infrastructure control, database administration, authorization management…) are subject to specific access protocols, which require:

Strict password management policies

Illizeo applies a password policy compliant with NIST SP 800-63 and ANSSI standards:

Passwords are irreversibly hashed via robust algorithms (e.g.: bcrypt with random salting per session).

Prohibition of shared accounts and credential confidentiality

The use of shared or generic accounts (like “admin@”, “test@”) is strictly prohibited, both for employees and clients.

Each user has a personal nominative account, for which they are solely responsible.

Disclosure of credentials (login/password) to a third party, whether internal or external, is formally prohibited and constitutes grounds for disciplinary or contractual sanction.

Logging of access and connection attempts

All connection and disconnection attempts to critical systems (admin, client, servers, SSO, VPN, etc.) are systematically recorded, including:

Logs are kept for a period of 30 days, in a secure storage environment (SIEM).

In case of suspected abnormal activity, these logs can be:

Authorization Controls

Authorization control is a fundamental pillar of Illizeo’s security policy. The objective is to ensure that only strictly authorized employees can access sensitive systems, data and environments, in compliance with the principle of least privilege and the traceability requirements defined by the GDPR (art. 32 and 5).

Role-based authorization model (RBAC)

Access to critical resources (administrative applications, databases, servers, client modules) is strictly governed by a hierarchical authorization model, based on:

Access rights are:

Administration rights to critical systems are limited to a restricted number of employees, expressly designated and regularly audited.

Control of Illizeo team access to client accounts

Illizeo clients can manage Illizeo support access rights to their environment via a secure administration interface.

This option allows:

By default, no access to client data is possible without explicit activation by the client, except for contractually governed cases (troubleshooting, maintenance, production support).

Assignment, update and revocation of rights

Any request to create, modify or delete access rights must be initiated by the employee’s line manager, and transmitted to the IT team via a formalized process (ticket, workflow or validated form).

Access rights are systematically reviewed at least once a year, as part of an authorization review supervised by Security teams and relevant managers.

If an employee’s function, perimeter or project changes, access rights must be updated immediately to match the new role.

When an employee leaves the company:

Separability – Illizeo

The ability to isolate environments, data and client contexts is a critical security requirement. Illizeo has implemented strict technical and logical separation to guarantee the impermeability of flows, access and data between the different layers of its information system.

Compartmentalization of development, test and production environments

Any software change (patch, evolution, improvement) must necessarily follow a step-by-step validation cycle, including:

Environments are strictly separated, each hosted on dedicated infrastructure or isolated by network and access controls.

Debugging or diagnostic operations are authorized in production only as a last resort, and only if the error is caused by data that cannot be reproduced in the test environment (e.g. non-simulatable corruption after anonymization).

In this case, the intervention is governed by a change management process, with authorization, logging and reversibility.

Network compartmentalization of business environments

Illizeo structures its network infrastructure according to functional segmentation, to restrict inter-environment communications and limit the attack surface:

Main long-term segments include:

This separation is achieved using distinct physical networks or via virtual networks (VLAN/VPC) with inter-subnet filtering.

Logical compartmentalization of client data (Secure multi-tenancy)

Illizeo’s SaaS architecture is based on a multi-tenant model with strict logical client separation, guaranteeing that no data can be consulted or processed by an unauthorized third party.

Each client is associated with a unique identifier (e.g.: company ID / internal UUID) that is integrated into all processing layers (database, application logic, API).

Business processing, SQL queries, exports, APIs, and automated routines include explicit client identifier validation, preventing any inter-account data leak.

Automated integration tests are continuously executed to ensure that no code modification would allow circumvention of this isolation.

This model drastically reduces the risk of cross-exposure, even in case of software bug or misconfiguration.

Measures guaranteeing integrity – Transport and disclosure control

The integrity of personal data, i.e. their accuracy, consistency and protection against unauthorized alterations, is ensured by a set of technical and organizational measures implemented in all data flows, internally and externally.

Pseudonymization and anonymization

Illizeo applies pseudonymization or anonymization mechanisms to personal data when necessary, particularly in analysis, debugging or testing contexts.

No real client personal data is used in development or test environments. These environments operate exclusively from simulated, anonymized or artificially generated datasets.

When a bug cannot be reproduced or a patch validated with anonymized data, an exceptional, tracked and approved process governs intervention on pseudonymized data.

Transfer security and exchange monitoring

Illizeo implements network traffic and inter-system connection security mechanisms to guarantee the confidentiality, integrity and traceability of circulating data.

These mechanisms include:

Access to internal resources from a public network is conditional on using a professional VPN, combined with multi-factor authentication (MFA).

In case of physical data transport (e.g.: encrypted backup media), the media is encrypted (AES-256) and protected against any manipulation or accidental loss using security seals and enhanced logistical traceability.

Strict prohibition of unauthorized disclosure

Illizeo only authorizes communication of personal data at the express request of the client, within the limits of contractually provided services.

Any disclosure to unauthorized third parties (for example, non-consented storage on non-contractual cloud infrastructure) is formally prohibited.

All subcontractors or service providers with access to personal data are subject to specific contracts (DPA), legally validated and compliant with Article 28 of the GDPR.

Input Controls – Traceability of system actions

Input control guarantees that all actions on data processing systems are identifiable, traceable and verifiable, in accordance with the GDPR’s accountability principle.

Centralized logging of system activities

All administrative and client systems of the Illizeo platform continuously record actions performed by users and administrators, including:

This logging particularly covers:

Logs are kept for a minimum of 30 days in a secure, encrypted environment inaccessible to standard users.

Upon client request or in case of suspected compromise, detailed log analysis can be triggered, with export for audit, incident management or legal evidence purposes.

Measures ensuring availability

System and data availability is a strategic priority for Illizeo. Robust technical and organizational measures are implemented to guarantee business continuity, resilience to incidents, and the ability to restore services in case of disaster.

Backup strategy and data security

Illizeo performs an automatic backup every 24 hours of databases containing personal data and client documents.

These backups are kept for a period of 30 days in separate, encrypted environments protected against unauthorized access.

The following are backed up:

Regular restoration tests are performed to validate the reliability and speed of the recovery process.

Backup performance is monitored in real-time, with alerts in case of failure or anomaly.

Geo-redundancy of production data and backups

To prevent service interruptions in case of major disaster (fire, natural disaster, extended power outage…), Illizeo has implemented a geo-redundancy strategy.

Production data and backups are hosted in physically separate data centers, located in distinct availability zones within the European Union and Switzerland.

This geographical separation guarantees that, even in case of total unavailability of one site, services can be restored from a backup site within the timeframes defined by internal RTO/RPO targets.

Proactive capacity management

A capacity management policy is in place to ensure that allocated hardware and software resources are always sufficient to absorb processing load.

Predictive monitoring tools monitor:

In case of exceeding a critical threshold or risk of saturation, automatic notifications are sent to on-call engineers, allowing preventive corrective actions.

Alert systems and server status monitoring

The health status of servers and application services is monitored 24/7 via a centralized monitoring platform (Prometheus, Datadog or equivalent).

In case of:

a real-time alert is automatically triggered.

Technical teams are instantly informed by notification (email, SMS, emergency channel), and can apply remediation measures without delay.

Incident management and response plan

Illizeo applies a structured, documented and regularly updated incident management process.

This process includes:

Crisis simulation exercises are organized to test the effectiveness of the system (continuity plan, DRP/BCP).

Guaranteed availability at data center level

The cloud infrastructure used by Illizeo is based exclusively on providers certified to ISO/IEC 27001, SOC 2 Type II or BSI C5.

These certifications attest to the implementation of:

SLAs (Service Level Agreements) provide for annual availability exceeding 99.9% for critical infrastructures.

Recoverability

Illizeo implements concrete measures to guarantee that, even in case of major failure or disaster, services can be quickly restored and data recovered under reliable and secure conditions, with its integrity preserved.

Regular data restoration tests

To guarantee effective data recoverability, Illizeo performs complete and planned restoration tests at regular intervals, according to a schedule defined in its business continuity plan.

These tests include:

Results are documented, tracked and analyzed, with triggering of continuous improvement plans in case of deviation.

Additionally, hot tests (targeted restoration during a real minor incident) may be performed to verify process effectiveness under real conditions.

Business continuity and disaster recovery plan (DRP)

Illizeo has a documented, tested Business Continuity Plan (BCP) aligned with international standards (ISO 22301).

This plan defines actions to undertake in case of:

It includes in particular:

The DRP is tested at least once a year, with compliance reporting transmitted to General Management.

Verification, evaluation and compliance measures

Illizeo implements compliance governance structured around an integrated information security and data protection management system, enabling continuous planning, deployment, control and improvement of GDPR security and compliance measures.

Dedicated team for information security and data protection

A multidisciplinary team composed of information security experts, lawyers specialized in data protection, the DPO and operational actors is established at Illizeo.

It is responsible for:

Risk management

Each identified risk is:

Periodic risk reviews are organized to validate the effectiveness of implemented measures and adjust action plans according to threat evolution and regulatory requirements.

Independent security verifications

i. Annual external audits

Illizeo annually submits its systems and processes to security and GDPR compliance audits conducted by qualified independent firms.

These audits evaluate compliance with:

ii. Verification of compliance with internal standards and directives

Regular internal reviews are conducted to ensure compliance with:

iii. Security tests and pentests

Vulnerability analyses (automated and manual) are continuously performed on the entire infrastructure (application and system).

Penetration tests (pentests) are conducted by specialized external service providers, according to an annual calendar, with impact report, remediation plan, and compliance monitoring.

Subcontracting control and processing on instruction

i. Processing on exclusive client instruction

Illizeo employees are only authorized to process a client’s data by virtue of documented instructions from that client.

These instructions must be provided in writing (contract, ticket, professional email, secure interface). Oral instructions are only admitted in case of emergency and must be confirmed in writing within 24 hours.

ii. Rigorous subcontractor selection

Any service provider accessing personal data is subject to:

iii. GDPR contractual framework (Art. 28)

Relationships with subcontractors are strictly governed by contractual clauses compliant with Article 28 of the GDPR, including:

iv. Regular control and auditability of subcontractors

Before any collaboration, and then at regular intervals, Illizeo proceeds with:

Supplementary measures for international transfers

In accordance with Article 46 of the GDPR and recommendations of the European Data Protection Board (EDPB), Illizeo applies additional measures to govern the transfer of personal data to third countries, particularly following the Schrems II judgment (CJEU, C-311/18).

Although Illizeo client data is exclusively hosted in the European Union, these measures strengthen guarantees in case of occasional cross-border processing or international technical support.

Measures guaranteeing confidentiality

a. Enhanced transport encryption

All data exchanges are subject to double encryption:

b. Access restrictions based on location

Access to systems containing personal data is subject to:

c. Device control

Terminals used in third countries are:

Transfer restrictions and emergency stop mechanisms

a. Data transfer restrictions

Internal policies clearly define situations authorizing occasional data transfer to a third country, subject to explicit client agreement.

b. “Kill Switch” mechanism

If necessary, an immediate access stop mechanism can be triggered from the EU without intervention from persons located outside the EU.

This mechanism is documented, periodically tested, and integrated into the incident response plan.

Exclusively European access administration

Illizeo guarantees that technical administration of sensitive systems is ensured by employees based exclusively in the European Union or Switzerland.

Any administrative action performed from a third country is subject to European supervision, and recorded in detail.