
Technical and organizational measures in accordance with Article 32 of the GDPR

Illizeo Privacy Policy

General information
According to Article 32 of the GDPR, the customer, as data controller, and Illizeo, as processor, are obliged to implement adequate technical and organizational measures to guarantee a level of protection corresponding to the risk. These measures should take into account the current state of technology, implementation costs, the nature, scale, context and purposes of the processing, as well as the likelihood and severity of the risk to the rights and freedoms of individuals.
The customer is responsible for identifying and implementing appropriate measures in accordance with Article 24 GDPR. Illizeo recommends following relevant directives and standards, such as ISO/IEC 27002 and those of the Swiss Confederation for information security.
The measures adopted by Illizeo to guarantee the security of the processing are detailed below. Where necessary, the appropriate measures taken by the relevant subcontractors – in particular with regard to physical security at infrastructure-as-a-service providers and data centre operators – shall be listed, identified or referenced appropriately.


Technical and organisational measures according to Article 32 of the GDPR

In compliance with Article 32 of the GDPR, Illizeo has implemented the following technical and organizational measures to guarantee encryption, pseudonymization, confidentiality, integrity, availability, resilience, recoverability and associated audit processes.
Adequate technical and organisational measures must be put in place to comply with the provisions of the GDPR and to ensure, by default, that only the personal data necessary for each processing purpose are processed.

From the design and development phases of its products, Illizeo takes into account the requirements of Article 25 of the GDPR. This approach is made possible thanks to the proactive involvement of the legal department, the data protection officer and IT security engineers. Processes and functionalities are designed in such a way as to integrate data protection principles from the outset, such as lawfulness, transparency, purpose limitation, data minimization and processing security.

1. Measures to ensure confidentiality

Confidentiality is the protection against unauthorized disclosure of information. Confidential data and information may only be accessible to authorised persons in an authorised manner.

1.1. Organisational management

The aim is to ensure that the internal organisation complies with the specific requirements of data protection.

(a) Organizational instructions (in accordance with ISO/IEC 27002/2017, items 5 and 6)

The objectives of data protection and information security are established in Illizeo’s data protection and information security guidelines and are mandatory for all its employees. In addition, other organizational instructions are put in place to give employees specific guidance on the processing of personal data (e.g. guidelines for working from home and telecommuting, or guidelines for the use of computer systems, the Internet and email).

(b) Appointment of a data protection officer according to Article 37 GDPR

Management has appointed a Data Protection Officer. This officer ensures compliance with data protection regulations and performs his or her duties in accordance with Article 39 of the GDPR. Their responsibilities include supporting the establishment and development of a data protection management system, developing and monitoring relevant guidelines, and implementing regular awareness-raising measures.

(c) Commitment to confidentiality and data protection

Each employee is required in writing to respect confidentiality and data protection, as well as to comply with other applicable laws, upon delivery of their employment contract or at the latest at the beginning of their employment. This obligation remains in force for the duration of the employment relationship. Self-employed persons or external service providers must also commit in writing to maintain confidentiality, based on non-disclosure agreements (NDAs) and must also sign a data processing agreement if they process personal data on behalf of Illizeo.

(d) Data protection training programme

Each Illizeo employee receives information and data protection awareness brochures, and confirms their receipt with their employment contract. In addition, regular training is organized to raise employees’ awareness of data protection. Employees working in particularly sensitive areas such as human resources, product development or customer service also benefit from specific information and training on relevant topics, as needed.

(e) Limitations on personal and professional use of communication devices

Illizeo employees are required not to use the company’s messaging system for personal purposes. The use of Internet and telephone services for private purposes is limited. It is essential to maintain a separation between personal and company data. In addition, Illizeo employees are not authorized to process personal data or any other customer data, including in the context of a data processing relationship, on their personal communication devices. Illizeo employees undertake to comply with the appropriate guidelines, and their compliance is monitored to the extent permitted and necessary.

(f) Reliability of personnel (according to ISO/IEC 27002:2017, clause 7)

Illizeo deploys measures before, during and after hiring to ensure the reliability of its staff. These measures typically include:
• Verification and validation of declared academic and professional qualifications.
• Establishment of contractual agreements defining responsibilities and rules of conduct.
• Implementation of training, awareness and controls for staff.
• Implementation of awareness-raising procedures and sanctions in case of data protection breach.
• Establishment of a documented process for the entry and exit of personnel (e.g. key retrieval, revocation of access rights, adequate documentation, transfer and transmission of data, information and knowledge, etc.) at the end of employment.

1.2 Pseudonymisation and encryption of personal data

Measures are put in place to ensure that personal data is stored in such a way as to prevent identification by third parties.

(a) Key management (in accordance with ISO/IEC 27002:2017, clause 10.1.2)

Illizeo implements a policy for the use of cryptographic methods to ensure the proper use, protection and lifetime of keys, as well as the use of encryption methods in accordance with current standards. The master key is generated by, and remains under the responsibility of, the infrastructure-as-a-service provider, which considerably reduces the risk of leakage since only the Infomaniak staff responsible for it have access to it.

Access to key management is recorded and automated, and in case of specific suspicion, it is checked by authorized Illizeo personnel for possible anomalies. In addition, keys are strictly separated by environment (for example, encryption keys used in production cannot be used in the development environment to encrypt or decrypt data).

(b) Database and storage encryption

All customer data is encrypted at rest according to current industry standards. Only systems authorized to process the data are able to use the encryption keys, in accordance with the principle of least privilege. Backups are also stored in encrypted form.

(c) Data transmission via encrypted data networks or tunnel connections (data in transit)

All personal data transmitted by the Illizeo application to a customer or other platforms via an unsecured or public network is exclusively transmitted in encrypted form. This applies in particular to access to the client and administrative system. Illizeo makes sure to use a state-of-the-art encryption method based on the encryption algorithm supported on the client side (currently, HTTPS or Transport Layer Security [TLS] connections). It is the customer’s responsibility to use up-to-date devices/browsers that are compatible with these encryption methods.

Administrative access to Illizeo’s servers and the transmission of backups are only via encrypted connections, such as Secure Shell (SSH) or Virtual Private Network (VPN). A VPN connection is used to access customers’ systems for work from home and telecommuting, using only VPN servers under the direct control of Illizeo. The use of public VPN providers is not allowed.

(d) Encryption of mobile storage media

Mobile storage media used for or processing Illizeo data are used exclusively in encrypted form. This includes USB sticks, external hard drives, etc. Private mobile storage media may not be used to store customer data.

(e) Encryption of storage devices on laptops

All laptops used by employees have modern hard drive encryption.

(f) Encrypted sharing of information and files

The exchange of information and files between the customer and Illizeo is always encrypted via the Illizeo application. If personal data or confidential customer information is to be transferred to servers that do not support the use of HTTPS downloads with TLS encryption, it must be transferred via Secure File Transfer Protocol (SFTP) or other state-of-the-art encryption mechanism. It is the customer’s responsibility to request or provide such secure data transport as required.

(g) Email encryption

In principle, all e-mails sent by Illizeo employees, whether through the Illizeo app or other means, are encrypted with TLS. Exceptions can be made if the receiving mail server does not support TLS. It is the customer’s responsibility to ensure that the mail server used for communication supports TLS encryption. Upon request, Illizeo offers the possibility to send content in encrypted form, for example using S/MIME.

1.3 Physical Access Management

Unauthorised access to the computer system and processing facilities used for data processing is strictly prohibited.

(a) Electronic door locking systems

The front doors of Illizeo’s offices are constantly locked and secured. Access to the offices is allowed only to people with a personal key to open the doors.

(b) Secure distribution of keys

Key distribution to Illizeo employees is carried out centrally and documented. The electronic keys are likewise collected centrally by management or human resources. This maintains strict control over access to company premises.

(c) Monitoring and accompanying foreign visitors

Access to Illizeo’s offices is strictly limited to authorized persons, such as employees and visitors who have obtained prior authorization. Persons outside Illizeo, such as external service providers or other third parties, are only allowed to enter the premises accompanied by an employee of Illizeo. In addition, a list of visitors is kept up to date to ensure accurate tracking of those entering the offices.

(d) Enhanced security of sensitive premises

Rooms or cabinets requiring enhanced protection, such as router rooms, human resources offices, cabinets containing contract documents, etc., are systematically closed after use or when they are unoccupied. Access to these premises is restricted exclusively to authorised personnel. In non-technical areas, the increased need for protection is assessed by a management representative or in collaboration with the office’s IT team and the IT and legal security team.

(e) Secure closing of doors and windows

Illizeo guarantees that all windows and doors are closed and locked outside office hours.

(f) Physical and environmental security of servers in data centers

Physical and environmental security of ISO/IEC 27001, ISO 9001, ISO 14001 certified data centers

Illizeo exclusively uses server systems provided by data center operators certified according to ISO/IEC 27001, ISO 9001, ISO 14001. Thus, appropriate technical and organizational measures are put in place to ensure physical and environmental security, including:

– Data centers are housed in discrete buildings that do not reveal their function from the outside.
– Data center facilities are protected by physical security measures, such as fences and walls, to prevent unauthorized access.
– Access to the data center is managed by electronic access controls and is monitored by alarm systems that signal any door being opened or held open.
– Access permission is granted by an authorized person and revoked within 24 hours of deactivating an employee’s or vendor’s account.
– All visitors must identify themselves, register and be accompanied at all times by authorized personnel.
– Sensitive areas are also monitored by video surveillance systems.
– Trained security personnel provide 24/7 surveillance of the data center and its immediate surroundings.

(g) Monitoring by security personnel

The security of the premises of the company’s headquarters is ensured by an external security service. This ensures that after the end of normal working hours, no unauthorized individuals are present on Illizeo’s premises and that all windows and doors are locked.

1.4 Access and authorization control

The use and processing of data protected by data protection law by unauthorized persons is strictly prohibited.

(a) Authentication methods used

Access to personal data is exclusively via encrypted protocols such as SSH, SSL/TLS, HTTPS or similar protocols.

(i) Authentication procedure for laptops and computer system

• Username and password authentication is the minimum security measure required.
• Depending on the capabilities of the laptop, alternative and secure authentication methods can be enabled.

(ii) Authentication procedure for the customer’s system

(Client system = access for administrators and client users)

• Authentication by email address
• Auto-generated password (eight characters, including numbers, letters and special characters; stored securely as a bcrypt hash in accordance with best practices)
• Password reset via a reset link sent by email
• Account blocked after five failed login attempts
• Two-factor authentication available and recommended
• The customer has the ability to strengthen password authentication and security by integrating OAuth2.
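The client-system procedure above combines a salted password hash, an auto-generated initial password and a lockout after five failed attempts. The following is an added example written for this page, not Illizeo's code, showing how those three controls fit together. The page names bcrypt; because bcrypt is a third-party package, this example uses hashlib.scrypt from the standard library as a stand-in for the salted, slow hash, and the account store and the 8-character password alphabet are constructed for the demonstration.

```python
"""Password login with per-account lockout (constructed example)."""
import hashlib
import hmac
import os
import secrets
import string

MAX_FAILED_ATTEMPTS = 5          # matches the "five failed login attempts" rule
SALT_LEN = 16
SPECIAL = "!@#$%^&*()-_=+"

def hash_password(password: str, salt: bytes = b"") -> bytes:
    """Return salt || scrypt(password). scrypt stands in for bcrypt here."""
    salt = salt or os.urandom(SALT_LEN)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return salt + digest

def verify_password(password: str, stored: bytes) -> bool:
    """Recompute the hash with the stored salt; compare in constant time."""
    salt, digest = stored[:SALT_LEN], stored[SALT_LEN:]
    candidate = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return hmac.compare_digest(candidate, digest)

def generate_password(length: int = 8) -> str:
    """Auto-generate a password containing letters, digits and a special character."""
    alphabet = string.ascii_letters + string.digits + SPECIAL
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)
                and any(c in SPECIAL for c in pw)):
            return pw

class Account:
    """Minimal account record: email, password hash, lockout state."""
    def __init__(self, email: str, password: str):
        self.email = email
        self.password_hash = hash_password(password)
        self.failed_attempts = 0
        self.locked = False

def attempt_login(account: Account, password: str) -> str:
    """Return 'ok', 'failed' or 'locked'. A locked account rejects even the right password."""
    if account.locked:
        return "locked"
    if verify_password(password, account.password_hash):
        account.failed_attempts = 0       # a successful login resets the counter
        return "ok"
    account.failed_attempts += 1
    if account.failed_attempts >= MAX_FAILED_ATTEMPTS:
        account.locked = True             # blocked until an administrator unlocks it
        return "locked"
    return "failed"

def has_required_classes(pw: str) -> bool:
    return (len(pw) >= 8 and any(c.isalpha() for c in pw)
            and any(c.isdigit() for c in pw) and any(c in SPECIAL for c in pw))

if __name__ == "__main__":
    initial = generate_password()
    acct = Account("user@example.invalid", initial)   # constructed account
    print("generated password meets policy:", has_required_classes(initial))
    for _ in range(5):
        print(attempt_login(acct, "wrong-password"))
    print("correct password after lockout:", attempt_login(acct, initial))
```

The counter is reset only on success, so an attacker who guesses wrongly four times and then waits gains nothing; the check for the locked state happens before the hash is computed, which keeps lockout independent of the hash cost.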

(iii) Authentication procedure for the administration system

(Administration system = access to customer systems through a user interface for customer service and product development by Illizeo, if approved by the customer for support purposes)

• Authentication by email address
• Two-factor authentication mandatory:
– Choice of a strong password (eight characters, including numbers, letters and special characters; stored securely as a bcrypt hash in accordance with best practices; a password change is required by the team leader every 90 days)
– Use of a token generator for authentication
• Administrator account blocked after five failed login attempts

(iv) Authentication with the server/database system

(Server/database system = access to data stored by the vendor’s product development department)

• Administrative access via VPN, SSH or the Infomaniak API
• Authentication via SSO (multi-factor authentication enforced)

(b) Determination of persons authorized to support and give instructions

Illizeo’s system allows customers to determine, via system settings, who is allowed to give instructions. The persons authorized to request support and give instructions are designated by providing their contact details, such as name, email address, telephone number or user ID, to Illizeo. Illizeo’s customer service team is bound by this list and must only accept instructions from, and provide or review information for, the specifically designated individuals. For telephone requests, the identity of the caller must be verified before any interaction or processing of the request.

(c) Use of secure passwords

The assignment and frequent updating of secure passwords for the Illizeo account, laptops, computers and other mobile devices, must comply with the requirements of BSI IT Basic Protection or other recognized and equivalent security standards. This includes the use of special characters, a minimum length, and a regular frequency of password changes. Illizeo users are also required to implement measures to secure their devices when they are inactive. This is the responsibility of the customer.

(d) Prohibition of sharing passwords and accounts

Users and employees of Illizeo are not allowed to share passwords for the use of Illizeo or to use shared accounts to access customer and administrative systems. They must only use their own personal, individual identifiers when logging into the system.

(e) Automatic activation of locking in case of inactivity

Illizeo employees are advised to always lock their laptops when not in use. In addition, an automatic screen lock function is activated after three minutes of inactivity. To unlock it, follow the authentication procedure listed in the « Authentication procedure for computer system/laptop » section.

(f) Use of antivirus software

The laptops of Illizeo employees are equipped with state-of-the-art antivirus software, which is kept constantly updated on all the company’s computer systems. As a general rule, these computers cannot be used without active virus protection unless other equivalent security measures have been implemented in accordance with technological standards or no risk exists. Employees may not disable or bypass the default security settings.

(g) Office Tidying Policy

It is stipulated that Illizeo employees must neither print nor store customers’ personal data, nor leave work material in sight. They must properly store any work materials. Documents containing personal information should be stored in lockable cabinets or drawers after use, or disposed of in accordance with data protection regulations.

(h) Use of public wireless networks and connection to the corporate network

Connections to public wireless networks are only allowed through a VPN connection provided by Illizeo.

1.5 Secure Access Management

It is ensured that only persons authorized to use an automated processing system have access to the personal data for which they have been authorized to access.

(a) Principle of roles and authorizations

(i) Principle of roles and permissions within the client system

Administrators of the contracting entity have the ability to configure a multi-level role system to assign rights individually. This system differentiates viewing, proposal and modification rights for each Illizeo function or area, for each user.

(ii) Principle of roles and permissions within the administration system

Access to the administration system is mainly reserved for employees trained in customer service and product development. Sales and finance employees have limited access through the administration system, restricted to customer systems during the free trial phase and to the associated billing data; they have no access to customer data.

(iii) Principle of roles and permissions within server and database systems

Access to server and database systems is typically restricted to a limited number of trained employees in product development and infrastructure.

(b) Control by the contracting entity over Illizeo’s access to the customer’s systems

The contracting entity can use the customer’s system settings to determine whether Illizeo is authorized to access its system. By default, this access is disabled, and only authorized employees of the contracting entity have the authority to enable or disable this permission, at any time.

(c) Assign access rights

At Illizeo, access rights are generally granted on a need-to-know basis. This means that access is only granted to those who clearly need it and for the necessary duration. When requesting access, the requester must provide convincing justification for their need. The concept of authorization is based on specific roles assigned to each employee. Any authorization that goes beyond the scope of this role must be justified. Access rights are logged centrally and revoked immediately as soon as the need for access expires. Access is limited to the minimum privileges required.

Access to the administration system or server/database system is approved by management, infrastructure department management or information security officer, and generally follows the principle of dual control. Administrators and/or the Chief Information Security Officer regularly check whether the permissions granted are still necessary. Supervisors are also required to request the IT administration to correct authorizations in the event of a change in employees’ functions.

In the event of an employee leaving the company, HR managers immediately inform the administrators of the upcoming change so that the corresponding authorizations can be revoked. Where possible, access rights are removed within 24 hours of the employee’s departure.

(d) Host-based intrusion detection (IDS)

Illizeo has implemented an intrusion detection system (IDS) that monitors various parameters in order to detect suspicious activity. These parameters include suspicious log entries, signatures of known rootkits and Trojans, anomalies in the device’s file system, and brute-force attacks. With the exception of file system changes, all of these parameters are evaluated in real time for quick detection.

File systems are checked in real time for abnormal changes. If an anomaly is detected, an alert is immediately sent by e-mail to the employees responsible for operations and product development. This allows them to quickly take the necessary steps to investigate the incident and take appropriate action to remedy it.
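The file-system part of the host-based IDS described above reduces to a baseline-and-compare check: record a cryptographic hash of every monitored file, then report files that were added, removed or modified since the baseline. The following is an added example written for this page, not Illizeo's IDS, using SHA-256 from the standard library; the directory tree and file contents in `demo()` are constructed in a temporary directory and do not correspond to any real system files.

```python
"""File-integrity baseline and comparison (constructed example)."""
import hashlib
import os
import tempfile

CHUNK = 65536

def hash_file(path: str) -> str:
    """SHA-256 of a file, read in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root: str) -> dict:
    """Map each file under root (relative path, '/' separators) to its hash."""
    result = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            result[rel] = hash_file(path)
    return result

def compare(baseline: dict, current: dict) -> dict:
    """Classify differences between two snapshots; this is what an alert would report."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }

def _write(root: str, rel: str, data: str) -> None:
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as f:
        f.write(data)

def demo() -> dict:
    """Build a constructed tree, take a baseline, simulate changes, and return the diff."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "etc/app.conf", "listen=127.0.0.1\n")   # constructed sample files
        _write(root, "bin/service", "binary-v1")
        before = snapshot(root)
        _write(root, "bin/service", "binary-v2")             # simulated modified binary
        _write(root, "tmp/.hidden", "dropped file")          # simulated new file
        os.remove(os.path.join(root, "etc", "app.conf"))     # simulated deletion
        return compare(before, snapshot(root))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In a deployment the baseline itself must be stored where the monitored host cannot rewrite it (on a separate system or signed), otherwise an intruder who can change files can also change the baseline; the comparison output is what would be sent by e-mail to operations as the alert described above.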

(e) Network security

Illizeo’s servers and databases are only used in private subnets without public IP, which ensures that no service is directly accessible from the Internet. Publicly available services are routed through load balancers or bastion hosts, which only allow the protocols and ports required for the respective service. Public resources such as images, JavaScript files, or CSS can be deployed through a CDN such as AWS CloudFront. In addition, a web firewall is used to protect against common web exploits and bots that can affect availability or compromise security.

(f) Logging of connection and disconnection events

Logging is performed for all successful and unsuccessful attempts to access the customer and administration systems, the infrastructure and other systems. Event logs contain at least the following information: timestamp, user ID, IP address, and authentication result. These logs are kept for a period of one year and can be consulted on request.

1.6 Separability

We guarantee that personal data collected for different purposes can be processed separately from one another and from other data and systems. This is to prevent any unintended use of this data for other purposes.

(a) Separation of development, test and production environments (in accordance with ISO/IEC 27002:2017, section 12.1.4)

Before data is transferred from the production environment to test or development environments, it must be fully anonymised. The transfer of anonymised data must take place either in encrypted form or over a secure, trusted network. Before software is deployed to the production environment, it must first be tested in an identical test environment (staging). Debugging or build/compilation tools may only be used in the production environment where absolutely necessary, for example when an error depends on data that the anonymisation required for transfer to the test environment would alter.

(b) Network separation (in accordance with ISO/IEC 27002:2017, section 13.1.3)

Illizeo implements a separation of networks according to tasks. The following networks are used permanently for this purpose: the operating environment (production), the test environment (staging), the office computer employee network, and the office computer guest network. If necessary, separate additional networks are created, such as networks dedicated to recovery testing or penetration testing.

Network separation shall be implemented either physically, where technically feasible, or via virtual networks, depending on the technical possibilities available. This approach ensures adequate isolation between different networks to enhance security and minimize the risk of compromise.

(c) Multi-tenant separation on the instance side

Illizeo ensures that the data of different contracting entities is processed and stored separately, using a logical separation of customers based on a multi-tenant architecture. Each contracting entity is assigned a unique identifier (e.g. customer number or company ID) for data management and identification.

The security of the architecture is enhanced by implementing integration tests that verify that no query is executed against the database without proper identification and assignment to that specific identifier. This minimizes the risk of bypassing client separation due to programming errors.

Regular security audits and rigorous code reviews, following the « four to six eyes » principle, are also carried out to protect the architecture and ensure compliance with established security standards.
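The integration check described in this section, that no query reaches the database without being scoped to a tenant identifier, can be enforced by auditing every SQL statement the application connection executes. The following is an added example written for this page, not Illizeo's code: it uses an in-memory SQLite database with a constructed `invoices` table, a repository that refuses to run without a tenant ID, and a statement auditor attached with `sqlite3.Connection.set_trace_callback` that flags any SELECT, UPDATE or DELETE on a tenant-owned table that lacks a `tenant_id` condition. `run_demo()` deliberately executes one unscoped query to show that the check catches it.

```python
"""Tenant-scoped repository plus a query auditor (constructed example)."""
import sqlite3

TENANT_TABLES = {"invoices"}   # tables whose rows belong to one contracting entity

class TenantScopeError(Exception):
    """Raised when code tries to touch tenant data without a tenant identifier."""

class TenantRepository:
    """All queries issued through this class carry the tenant_id predicate."""
    def __init__(self, conn: sqlite3.Connection, tenant_id: str):
        if not tenant_id:
            raise TenantScopeError("a tenant identifier is required")
        self.conn = conn
        self.tenant_id = tenant_id

    def invoice_amounts(self) -> list:
        rows = self.conn.execute(
            "SELECT amount FROM invoices WHERE tenant_id = ? ORDER BY id",
            (self.tenant_id,),
        ).fetchall()
        return [r[0] for r in rows]

def is_unscoped(sql: str) -> bool:
    """True if a data-reading/writing statement on a tenant table omits tenant_id."""
    words = sql.strip().split(None, 1)
    if not words or words[0].upper() not in {"SELECT", "UPDATE", "DELETE"}:
        return False
    lowered = sql.lower()
    if not any(table in lowered for table in TENANT_TABLES):
        return False
    return "tenant_id" not in lowered

class QueryAuditor:
    """Records every statement executed on the connection for later inspection."""
    def __init__(self, conn: sqlite3.Connection):
        self.statements = []
        conn.set_trace_callback(self.statements.append)

    def violations(self) -> list:
        return [s for s in self.statements if is_unscoped(s)]

def build_demo_db() -> sqlite3.Connection:
    """Constructed sample data for two tenants."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE invoices (id INTEGER PRIMARY KEY, "
                 "tenant_id TEXT NOT NULL, amount INTEGER NOT NULL)")
    conn.executemany("INSERT INTO invoices (tenant_id, amount) VALUES (?, ?)",
                     [("tenant-a", 100), ("tenant-a", 250), ("tenant-b", 999)])
    conn.commit()
    return conn

def run_demo() -> tuple:
    """Return (tenant-a amounts, number of unscoped statements detected)."""
    conn = build_demo_db()
    auditor = QueryAuditor(conn)
    repo = TenantRepository(conn, "tenant-a")
    amounts = repo.invoice_amounts()                      # properly scoped
    conn.execute("SELECT amount FROM invoices").fetchall()   # simulated programming error
    return amounts, len(auditor.violations())

if __name__ == "__main__":
    amounts, bad = run_demo()
    print("tenant-a sees:", amounts)
    print("unscoped statements detected:", bad)
```

In an integration test suite the auditor is attached to the test database connection and the assertion `auditor.violations() == []` runs after each test case, so a query that escapes the repository layer fails the build rather than reaching production. The substring check is intentionally simple; a stricter variant would parse the statement, but even this form catches the common mistake of a forgotten WHERE clause.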

2. Data integrity preservation measures

Integrity refers to ensuring the accuracy and authenticity of data, as well as the proper functioning of systems.

2.1 Control of data transmission

The confidentiality and integrity of private data is preserved during the transmission and transport of storage media to ensure their protection.

(a) Encryption of data in transit

To ensure the integrity of the data during transport, an encryption and pseudonymization process is put in place. In addition to encryption, checksums are calculated to verify the integrity of data during transmission. This ensures that personal data remains secure and intact throughout the transport process.

(b) Confidentiality and non-disclosure to unauthorized third parties

Personal data processed on behalf of the contracting entity may only be transferred in accordance with its instructions and to the extent necessary for the performance of the contractual services for that entity. It is strictly forbidden to transfer the contracting entity’s personal data to unauthorized third parties, including by storing it in another cloud storage service.

2.2 Entry Control

The aim is to ensure the traceability and subsequent determination of personal data that has been entered or modified in automated processing systems, specifying when and by whom.

System activities are recorded in administration and client systems, and these records are evaluated.

All key system activities are logged. Log entries must include at least the following: timestamp, user ID, access role, IP address, system component or function, and the activities performed. The recorded activities include all actions that enter, modify or delete data, users, permissions or system settings. Logs are currently kept for a period of one year and are available upon request.

3. Measures to ensure system availability

The availability of services, functionalities of an IT system, computer applications, computer networks and information is ensured when these resources can be used at any time, in accordance with the needs and purposes defined by users.

3.1 Availability Management

Measures are taken to prevent accidental destruction or loss of personal data, in order to guarantee their protection.

(a) Data backup procedures/backups

Illizeo has implemented an advanced backup concept for the database containing customer data, as well as for the storage media containing the associated documents, to ensure adequate availability.

In addition, Illizeo offers its customers the ability to back up and restore their instances, allowing them to take additional backup measures for their own data.

(b) Geo-redundancy of server infrastructure for productive data and backups

Ensure geo-redundancy for productive data server and backup server infrastructure in the event of an unforeseen event

Illizeo ensures that it meets the appropriate spatial separation requirements to ensure geo-redundancy in the event of an unforeseen event, such as a natural disaster. This is achieved by using different data centers located at a sufficient distance from each other, or by using data centers with separate Availability Zones. The backup system is designed in such a way that, even in the event of a failure of an Infomaniak region, the data is not compromised thanks to the replication of backups in several Infomaniak regions.

(c) Capacity management

A capacity management system is in place, including continuous monitoring and automatic scaling to address capacity bottlenecks.

This means that system capabilities are continuously monitored to identify potential bottlenecks or saturation points. When such a problem is detected, the system is able to adapt automatically by increasing capacity, whether by adding hardware resources, optimizing software performance, or resizing infrastructure.

This approach ensures that resources are available in sufficient quantities to meet current and future needs, avoiding performance issues related to insufficient capacity.

(d) Warning systems to monitor the availability and status of server systems

An alert system is in place to monitor the availability and status of server systems in real time. In the event of a detected failure, the infrastructure service is automatically notified, allowing immediate intervention to resolve the problem.

To ensure continuous availability, even outside working hours, an on-call service is in place. This on-call service ensures constant monitoring of critical components, so that it can react quickly in the event of a breakdown or urgent problem, even outside normal working hours.

These measures ensure that issues affecting the availability of server systems are identified quickly and proactively resolved, helping to maintain optimal business continuity.

(e) IT incident management (in accordance with ISO/IEC 27002:2017, section 16)

Documented procedures and concepts are in place to manage security malfunctions and incidents. This includes the planning and preparation of incident responses, as well as procedures for monitoring, identifying and analyzing security incidents. Responsibilities are clearly defined, and appropriate reporting channels are established in the event of a personal data breach, in accordance with applicable legal requirements.

(f) Other measures to ensure availability in data centres

An automatic fire detection and fighting system is installed in the data center. The fire alarm system uses smoke detectors distributed throughout the data center environment, covering the mechanical and electrical areas of the infrastructure, cold stores and generator rooms.

All power systems are designed with redundancy to ensure maximum availability. In the event of a power outage, an uninterruptible power supply (UPS) is put in place to ensure that critical areas of the system continue to receive electricity. In addition, the data center has generators capable of providing backup power to the entire system. The data center is equipped with an air conditioning and temperature control system to maintain optimal conditions.

Preventive maintenance is regularly performed to ensure continuous operation and detect potential problems before they turn into major failures.

These measures ensure high data center availability by minimizing fire risks, ensuring reliable power supply and temperature control, and performing regular preventive maintenance.

3.2 The Disaster Recovery Guarantee

Illizeo has put in place a concept and an emergency plan to deal with emergency situations or disasters. In the event of a physical or technical failure, measures are planned to ensure reliable recovery of the systems.

All systems are restored from the available data backups, with a recovery time objective (RTO) typically set at 24 hours. This means that systems are restored within approximately 24 hours of a major incident, allowing normal operations to resume as quickly as possible.

In addition, the recovery point objective (RPO) is set at 24 hours. This means that data is restored from a backup taken no more than 24 hours before the incident, so that at most 24 hours of changes can be lost.

These measures ensure a reliable recovery capability for the systems in the event of a breakdown or emergency situation, minimizing downtime and allowing Illizeo to resume its services with as little interruption as possible.

4. Monitoring and evaluation measures

Description of the procedures for regularly reviewing, assessing and evaluating the effectiveness of technical and organisational measures.

(a) Data Protection and Information Security Team

A Data Protection and Information Security (DST) team has been created to plan, implement, evaluate and adapt measures in the area of data protection and security.

(b) Risk management

As part of Illizeo’s data protection and information security management system, there is a process for analyzing and assessing risks, assigning them to an owner, developing measures based on these risks and regularly evaluating the effectiveness of these measures.

(c) Independent information security review (in accordance with ISO/IEC 27002:2017, section 18.2.1)

(i) Conducting audits

Internal audits are regularly carried out to assess data protection and information security. Care is taken to ensure the independence of the auditor, who may come from another internal area or from an external entity. Audits are based on common inspection criteria and programs, including the legal requirements of the GDPR and applicable security standards.

These audits focus particularly on the completeness and accuracy of policies and concepts, as well as the documentation and adherence to corresponding processes. They make it possible to identify possible shortcomings or non-conformities, and to put in place the necessary corrective measures to improve data protection and strengthen information security.

Regular internal audits ensure an objective and impartial assessment of data protection and information security in accordance with established criteria and applicable regulatory requirements.

(ii) Verification of compliance with security policies and standards (in accordance with ISO/IEC 27002:2017, section 18.2.2)

Compliance with applicable policies, standards and other security requirements is regularly checked when processing personal data. Where possible, these checks are performed on a random and unannounced basis.

(iii) Verification of conformity with technical specifications (in accordance with ISO/IEC 27002:2017, section 18.2.3)

The Chief Information Security Officer or other qualified personnel regularly conduct vulnerability scans, both automated and manual, to verify the security of applications, infrastructure and products under development. Where necessary, detailed penetration testing is performed by an external service provider to specifically examine applications and infrastructure for vulnerabilities.

These vulnerability scans, whether performed internally or externally, allow possible security weaknesses to be detected and corrective action to be taken to strengthen the security of the systems. They also help ensure continuous protection against potential threats and maintain a high level of application and infrastructure security.

(iv) Continuous improvement of the data protection and information security management system

Data protection and information security processes include regular reviews and evaluations of the technical and organizational measures put in place. A system of continuous improvement and suggestions is also in place, encouraging employee participation. Thus, Illizeo is constantly improving the processes related to the processing of personal data.

(d) Contract monitoring

It is guaranteed that personal data processed on behalf of the customer are processed only in accordance with the instructions provided by the customer.

(i) Data processing

Illizeo employees are required to comply with the documented instructions regarding the use of the contracting entity’s personal data, as specified in the data processing agreement and the user agreement. In accordance with the data processing agreement, Illizeo receives instructions from the contracting entity in writing or through the electronic formats provided by Illizeo. Verbal instructions are only permitted in urgent cases and must be confirmed immediately by the contracting entity in writing or in an electronic format specified by Illizeo.

(ii) Careful selection of suppliers

During outsourcing, suppliers or third parties are selected according to a rigorous process in collaboration with the Information Security Officer, the Data Protection Officer and the Legal Department. This selection process is based on defined criteria, in particular with regard to data protection and IT security. Some of these criteria include:

– Verification of the documentation of, and compliance with, the supplier’s technical and organizational measures in accordance with Article 32 of the GDPR.
– For the specific protection levels and scope of personal data concerned, only ISO/IEC 27001 certified companies are engaged. This applies in particular to data centers.
– In order to prevent risks, a risk assessment is also carried out for each supplier that regularly processes personal data.

These rigorous selection measures ensure that only suppliers or third parties that meet the appropriate data protection and IT security standards are engaged. This helps to reduce the risks associated with outsourcing and ensures a high level of protection of personal data.

(iii) Data processing in accordance with Art. 28 GDPR

The selection and engagement of a processor is made in accordance with the data processing agreement between Illizeo and the customer, with the applicable legal provisions, and subject to the conclusion of an appropriate data processing agreement between Illizeo and the processor in accordance with Article 28 of the GDPR. As a rule, and as far as possible, this data processing agreement addresses the following aspects:

– Agreement on effective control rights, corresponding to the rights of the contracting entity, including, where appropriate, on-the-spot control rights.
– Agreement on appropriate control and information rights when engaging other subcontractors.
– Agreement on contractual sanctions in case of violation, if applicable and within the limits of the applicable legislation.
– Obligation to process data exclusively according to documented instructions.
– Exclusion of any unauthorized processing step.
– Prohibition to make copies of personal data, with the exception of backup copies.
– Commitment of the contractor’s employees to maintain the confidentiality of the data.
– Assistance in upholding the rights of data subjects.
– Appointment of a data protection officer if required by law.
– Obligation to notify in the event of a breach of the protection of personal data pursuant to Articles 33 and 34 of the GDPR, as well as in the event of operational disruptions and other irregularities in the processing of personal data.
– Guarantee of deletion/destruction of data after the execution of the order.

These contractual and legal measures ensure that the processor undertakes to comply with data protection obligations and to ensure appropriate processing of personal data in accordance with the requirements of the GDPR and the data processing agreement concluded between Illizeo and the customer.

(iv) Carry out regular checks/request evidence

Before the start of any assignment with a subcontractor, Illizeo will verify or obtain evidence of compliance with the technical and organizational measures of this subcontractor. This initial verification ensures that the processor meets the required data protection and information security standards.

In addition, Illizeo will regularly carry out subsequent checks to ensure that the subcontractor continues to comply with the agreed technical and organizational measures. These regular checks help maintain a high level of security and ensure compliance with applicable regulatory requirements.

By ensuring the continuous compliance of subcontractors with technical and organizational measures, Illizeo strengthens the security of data and the protection of information processed in the context of the subcontracting relationship.

Version 06-2023
