Security policy

System security

A commitment to security

The security of your data and our systems is our top priority. We have implemented rigorous practices aligned with international standards to ensure effective risk management and enhanced protection of your information.

Our security processes and policies are guided by the following standards:

ISO 27001 (Information Security Management System, ISMS)
This standard specifies the requirements for establishing, implementing, maintaining, and improving an ISMS. It ensures a systematic, proactive approach to identifying, evaluating, and addressing information security risks

ISO 27017 (Code of Practice for Cloud Security Controls)
Tailored specifically for cloud services, this standard builds upon ISO/IEC 27002 and provides specialized recommendations for protecting data stored or processed in the cloud

These standards help us:

• Ensure the confidentiality, integrity, and availability of data
• Provide complete transparency regarding our security policies
• Meet regulatory requirements and the cybersecurity expectations of our clients

Role and permission management

We maintain a strict role and permission management framework to safeguard the confidentiality and security of your data. Our practices are designed to minimize access to sensitive information while ensuring high-quality customer service

Restricted and controlled access
Only a limited number of specifically authorized and trained employees have access to your data

Explicit consent
We only access your data with your explicit permission and solely for purposes such as customer support or security management. Any other use is strictly prohibited

Authorization
Our staff is trained to operate in high-security, compliance-focused environments

Network & Operations Security

Securing Our Network and Production Environments
The protection of our network and operational environments is central to our data protection policy. Robust measures are in place to ensure secure exchanges and safeguard your sensitive information.

Secure infrastructure
Our production network relies on segmented environments designed to minimize compromise risks. Multiple layers of firewalls provide granular protection against potential intrusions.

Encrypted communications
All data exchanges between our systems and yours are secured with advanced encryption protocols, including TLS (Transport Layer Security), to prevent unauthorized access.

Secure workstations
Employees access production environments using dedicated, security-configured workstations connected exclusively via secure VPNs and strong authentication mechanisms such as two-factor authentication (2FA).

Proactive protection

The security of your data and our platform is a top priority. We are committed to following best practices and implementing necessary measures to ensure a high level of protection. Regular penetration tests are conducted to assess the strength of our infrastructure, identify potential vulnerabilities, and address them immediately.

Automated monitoring and updates

All our systems are continuously monitored to ensure proper functioning and detect any intrusion attempts. Security patches are applied as soon as they are available, providing proactive defense against emerging threats.

Advanced detection & protection mechanisms

Multi-Layered Firewalls and Segmented Networks
These ensure network and infrastructure integrity

DDoS Mitigation Tools
Our tools prevent and mitigate denial-of-service attacks, ensuring platform availability

Next-Generation Web Application Firewall (WAF)
Blocks real-time threats while adapting to new attack types

Data Encryption Protocols
Advanced encryption such as TLS secures data exchange

Encryption and strengthened authentication

• All sensitive data is encrypted during transit and at rest
• Access to critical systems requires strong authentication, including 2FA
• Robust password management policies, supported by password managers, ensure compliance with high-security standards

Secure Development Practices

Security by design

Cybersecurity is embedded into the early stages of development. Our teams are trained to follow best security practices rigorously throughout each project’s lifecycle:

• Every line of code undergoes internal peer review to ensure high-quality and secure production
• Security principles are proactively integrated during the design phase

Automated code audits and scans

• Specialized tools continuously scan the codebase for known vulnerabilities
• Detected vulnerabilities are promptly evaluated, patched, or updated to maintain a secure platform

Vulnerability monitoring and penetration testing

• Our security team actively monitors CVEs and other vulnerability directories. Patches are proactively applied to systems and libraries
• External penetration testers regularly conduct audits to identify potential weaknesses
• Some clients also perform audits of our platform, providing third-party validation of our security practices

Vulnerability disclosure policy

We have a clear vulnerability disclosure policy outlining the objectives and permitted testing scopes for our infrastructure. This allows users and partners to report vulnerabilities safely and responsibly.

Full details can be found on our dedicated disclosure policy page.

Infrastructure security

European hosting

As a French and independent company, v6Protect is not subject to the U.S. Patriot Act. Our SaaS platforms are hosted exclusively in European datacenters compliant with Business Continuity Plan (BCP) requirements. These facilities benefit from high-speed fiber connections between sites, ensuring optimal security and connectivity.

Tier III Datacenters
• Maximum redundancy for fault tolerance.
• Compliance with the most stringent physical and logical security standards.
• Guaranteed availability of 99.99%

Resilient Infrastructure

The v6Protect infrastructure has been designed with a strong emphasis on resilience. Every hardware component in the system is redundant and can be replaced in the event of a failure. Logical groups of physical servers or virtual machines (VMs) are organized into clusters, ensuring service continuity by temporarily redistributing workloads to available machines in case of a failure.

Our infrastructure is automatically scalable (expanding as needed) with intelligently distributed computational loads, optimizing both performance and flexibility.

High availability: datacenters, servers, networks, security components, and applications are configured to minimize service interruptions

Load balancing: a balanced management of network traffic and databases ensures consistent performance, even under heavy demand

Storage resilience: critical data is stored on redundant media to prevent data loss

Backups and retention: a robust backup policy and strict data retention timelines enhance security and ensure compliance

Data center redundancy: our European datacenters provide geographic replication and business continuity in case of an incident

Data protection

We have implemented rigorous measures to ensure the security and confidentiality of data throughout its lifecycle:

Daily Backups: Your data is backed up daily to ensure its availability in case of an incident.
Encrypted Backups: All backups are encrypted to prevent unauthorized access.
Data transmissions between your systems and our servers are secured using end-to-end TLS/SSL encryption protocols, protecting against interception or malicious alterations.

We retain backups for a deliberately short period, aligned with data minimization principles. This approach reduces risks associated with prolonged data storage and complies with regulations such as the GDPR.

A comprehensive personal data management framework has been established to adhere to the General Data Protection Regulation (GDPR). Internal processes have been rigorously implemented to ensure full legal compliance.

Account security

Authentication

User accounts are secured with strong passwords combined with two-factor authentication (2FA)

You can manage user registration, access rights, and password policies to maintain a high level of security. The password management policy ensures regular updates to user passwords, in line with recommendations from the French National Cybersecurity Agency (ANSSI).

Access privileges

The platform includes a role-based permissions system that is fully customizable and adaptable to your organization’s structure

You can easily adjust user roles and responsibilities or temporarily suspend access if necessary