The objective of information security is to minimize the risk of damage by preventing security incidents and reducing their potential impact, and to ensure the business continuity of Digimind, now doing business as Onclusive. The policy’s goal is to protect the organization’s informational content against all internal or external Security threats.
The security policy ensures that:
The Digimind Security Global Policy is validated by the CEO and is sponsored by the CTO. The CTO is responsible for the implementation of information security and privacy within Digimind.
The Quality of the processes, their description, their format, their maintenance is ensured by the Quality Manager.
The Security Policy is implemented within the company by the Product Manager. He is the main point of contact during security audits. The security of software development is covered by the Head of Development while the Servers security is the responsibility of the Head of Production Systems.
Security Incidents are managed by the Head of Support. He is in charge of the correct application of the processes as well as their maintenance and evolution.
All Digimind employees are trained in Information Security. They are individually accountable and responsible for respecting Digimind’s information Security Policies.
Our security management system is aligned with ISO 27xxx series standards and OWASP principles.
Our Servers Hosts are compliant with reinforced security requirements, including: PCI DSS, HDS, TSP, CSA, ISO 27017, ISO 27018 and CISPE.
Our Hosted Private Cloud infrastructures hold ISO 27001, PCI DSS PSP, HDS, SOC I and II type 2 certifications and accreditations.
Our customers can have Digimind Solutions audited by an external organisation.
Security and privacy risks are addressed through the application of appropriate security controls and associated risk treatment plans and the acceptance and management of residual risks.
Access to Digimind’s systems and information are controlled to protect its confidentiality, integrity and availability. Accordingly, access is restricted to those with a ‘need to know’ and is reviewed periodically to ensure appropriate access is maintained. Access credentials must meet specific minimum requirements, depending on the subject system, to reduce the risk of unauthorized access.
Physical security is fully covered in order to prevent any unauthorised access to sites or specific technical areas. Nominative access processes and devices are in place and logged. Sites are secured with anti-intrusion systems, video surveillance and 24/7 security service.
A security incident is an event that may indicate that an organization's systems or data have been compromised or that measures put in place to protect them have failed. In Digimind we are aware that an incident may occur at some point. Therefore all Digimind employees must ensure they know how to identify and report a security incident and must be fully familiar with their involvement in the incident management process.
The Incident Management Process of Digimind defines what incident may be qualified as a Security Incident, the associated investigation needed, the evaluation of risk, notifications processes, what escalation is needed, as well as the actions to be taken, their record in an Incident log reference document and the follow up on actions.
In the case of a Security Incident, users of Digimind’s solutions are immediately notified within the solutions as well as in our dedicated Status Page, and via email. Our notification processus embeds a follow up on incidents with associated corrective and preventive actions taken.
Digimind’s BCDR aims at supporting the organization's ability to remain operational after an adverse event. The plan covers the key business continuity principles, policies and strategies put in place, a global analysis of risks (and yes, we finally excluded the Zombie attack 🧟♂️), Validation and Testing procedures. Recovery processes are described as well as data backup, and servers management.
As a world leader in online intelligence, Digimind pays the most attention to the processing of personal data. Our longstanding experience in this market has allowed us to build an effective framework that ensures compliance with personal data local regulations. A more extensive description of it is available on the Digimind Data Privacy page.
We encrypt all customer uploaded data and login credentials in transit. We use TLS with AES-128 encryption with ECDHE key exchange signed with GCM/SHA256.
Information security training is provided to all Digimind employees. Completion of courses is monitored and reported. Certification is valid for one year. New hires are required to undertake the Information Security training within their first month of employment. Managers are responsible for ensuring their teams are aware of and comply with any applicable security requirements.
We may revise this Security Policy from time to time. The most recent version of the policy will govern our use of your information and will always be at https://www.digimind.com/security-policy.
Effective: April 30th, 2016.
Last update: October 28th, 2024.
If you wish to obtain more information about Digimind Security Policy and Global Framework, you can contact us right now at security@onclusive.com.