Access to Nextlane France premises and the Datacenter
- Internal physical access control system: badges, reinforced access for certain sensitive areas (closed server rooms, etc.), video surveillance cameras, alarms, etc.
- Datacenter under the responsibility of the host: secure access in accordance with the ISO 27001 standard.
External access to the Nextlane France network
- Firewall protection
- Segmentation of the VLAN network
- Wi-Fi encryption and password-controlled access
- Port filtering of VPNs from external partners
- Nominative access controls to URLs
- IPS (tool integrated into the firewall) > Currently being implemented
- Blocking of ports
- Backup of network logs
- Protection of data exchanges via secure data flows (TLS/SSL, HTTPS, SFTP…) > In the process of being implemented
I.S. access rights management
- Procedure for managing access rights and deactivating accounts
- Password change policy
- Password policy (complexity, regular changes…)
- User awareness raising
- “Administrator” profiles (strong rights) separated from “User” profiles (office tools)
- “Administrator” accesses managed individually
Availability of services
- High availability for hosted offers: Automatic provision of a new host within 15 minutes in case of failure.
- Redundancy of equipment
- CENTREON supervision console
- Business Continuity Plan > In the process of implementation
- Dual data centre (active/passive) > Under implementation
Malware protection
- Publisher monitoring policy (system + middleware)
- Patching policy
- Anti-malware (and anti-virus)
- URL and port filtering
- SMTP gateways
- Backups and restorations
- Raising user awareness (charter of good practices)
- Punctual inventory to detect potential non-conformities and vulnerabilities
Loss or theft of equipment
- Authentication procedure
- Encryption of workstations
- Remote wiping of disks and mobile devices
- Centralized configuration management
Backup policy for physical equipment, software components or data
- Regular backups adapted to the life cycle of the object concerned
- Backup of configurations and Maintenance in Operational Conditions (MCO) procedures > Being implemented
Exchange of data
- Policy on data output rights and duties (Charter of Good Practice)
- Encryption, anonymization and pseudonymization > In the process of implementation
- Contractual framework with the partner (NDA – confidentiality clause, data deletion clause…)
- Limitation of internet access
Application of security updates
- Patch management policy
- Standardization and obsolescence management project
- Automation of equipment patching with the supplier
- Raising the awareness of the technical teams
- Internal control systems (ad hoc control within the entity’s internal control framework)
Management of a subcontractor / supplier (IoT)
- Incorporation of contractual termination clauses in the event of negligence
- Regular operational review with the subcontractor
- Incident management and notification to the supervisory authority and/or to the persons concerned
- NDA
- SLA
- Reporting
- Precautionary checks on the financial health of the subcontractor
- Partner VPN access control