The short answer is yes, we implement numerous security measures to protect the platform and your account
Yes, we specifically make two backups of all your data every day, in addition to the other general backup measures already in place.
Yes, we implement important security measures to ensure the confidentiality, integrity, availability and resilience of your data.
We have two data centers: one located in France and the other in Ireland
In order to ensure the best security of your data, we planned for the possibility that a data storage center may be destroyed (e.g. earthquake, nuclear accident...). To avoid losses, it is standard practice to duplicate data several thousand kilometers away from each data center.
Yes, of course! Legiscope is used by many lawyers, DPOs and IT security experts who would immediately point out to us the slightest non-compliance. You can count on us, as well as on our users, to ensure we remain fully compliant!
Yes, you can read the sections dedicated to CISOs for very technical details on the subject.
Sure! You can export all your data easily - read our normal FAQ for details on how to do that!
Without going into too much detail, the internal protection of the platform looks like this: hardware MFA, AND IP address restriction, AND a strong password policy (above CNIL requirements), AND of course permission restrictions.
Users must create a password that complies with the French supervisory authority's (CNIL) requirements.
Hashed and salted
Yes of course, based on the CNIL requirements
Yes, when you create an account, the admin has an extended authorization model to grant access rights to each user and build fine-grained access permissions. For example, you can restrict a user, or a group of users, to read-only access to your records of processing for a specific organization.
You can create very specific and detailed access permissions for each user or group in your account, depending on your needs.
Yes, we keep extensive logs for security reasons, including fraud prevention and the detection of internal and external attacks.
Yes, it is an obligation imposed by article 28 of the GDPR - if this matters to you, CONTACT US FIRST, because it is the subject of a specific contract.
In fact, this is also a legal obligation imposed by the GDPR (art. 32 and art. 28), so you do not need a specific commitment since the law already imposes it. If a vulnerability is discovered in our software, we take measures to patch it as quickly as we can.
It is common for us to do multiple deployments per day as part of normal operations. If a vulnerability is discovered, our infrastructure is set up for a fast update.
Yes, we have extensive tools for that.
Yes, we adopted a very strong security approach since day 1 to ensure the best possible security for the platform.
Our CEO fired the entire development team during the first version of Legiscope in 2017 because the application was not built with enough security. The source code developed by the team over 8 months was abandoned as a result, and the platform was redeveloped 'from scratch'.
When you upload a file on Legiscope.com, the name of the file is systematically analyzed and modified to avoid any risk of attack through file names. More generally, we analyzed a variety of possible attack vectors and implemented countermeasures accordingly.
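As an added illustration (this is not Legiscope's code, whose implementation is not shown on this page), a hypothetical upload-name sanitizer in Python showing the kinds of file-name attacks such a step defends against: directory components, NUL bytes, hidden-file dots, Windows reserved device names, Unicode lookalikes and over-long names. The function name, allowlist and length cap are the example's own choices.

```python
import re
import unicodedata
from pathlib import PurePosixPath, PureWindowsPath

# Windows treats "CON.pdf" as the CON device, so these stems get prefixed.
_RESERVED_STEMS = {"CON", "PRN", "AUX", "NUL",
                   *(f"COM{i}" for i in range(1, 10)),
                   *(f"LPT{i}" for i in range(1, 10))}
_DISALLOWED = re.compile(r"[^A-Za-z0-9._-]")   # conservative allowlist
MAX_LEN = 100                                   # example cap, not a standard


def sanitize_filename(name: str, fallback: str = "upload") -> str:
    """Turn an untrusted, client-supplied filename into a safe basename.

    Hypothetical example: the server should still store the file under its
    own generated key; the sanitized name is only display metadata.
    """
    # NUL bytes truncate names in C-based filesystem APIs ("x.pdf\0.exe").
    name = name.replace("\0", "")
    # Keep only the last path component, for both separator styles,
    # so "../../etc/passwd" and "..\\win.ini" lose their directory parts.
    name = PureWindowsPath(name).name
    name = PurePosixPath(name).name
    # Fold Unicode compatibility forms (e.g. the "fi" ligature) to ASCII.
    name = unicodedata.normalize("NFKC", name)
    # Replace every character outside the allowlist.
    name = _DISALLOWED.sub("_", name)
    # Collapse dot runs; strip leading dots (hidden files) and trailing dots.
    name = re.sub(r"\.{2,}", ".", name).strip(".")
    # Prefix Windows reserved device names so the OS does not special-case them.
    stem, dot, ext = name.partition(".")
    if stem.upper() in _RESERVED_STEMS:
        stem = "_" + stem
    name = f"{stem}{dot}{ext}"
    # Cap the length while keeping a short extension intact.
    if len(name) > MAX_LEN:
        stem, dot, ext = name.rpartition(".")
        if dot and len(ext) <= 10:
            name = stem[: MAX_LEN - len(ext) - 1] + "." + ext
        else:
            name = name[:MAX_LEN]
    return name or fallback
```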
We spent considerable amounts of time working on IT security. For example, we have specific security policies for each function in our application. Yes, you read that correctly: we built a specific security policy *for each function* existing in our application.
Yes, without going into details, we have several development environments that are totally separate and compartmentalized.
Yes, we have a CI/CD pipeline that validates and ensures automated deployment of the application. In practice, we have very high test coverage of the application. In 2022 we ran an external audit for a full month; at the end of the audit, only 2 bugs were discovered.
Yes, we have a large number of security tests run during each deployment to ensure the security of the platform, and then continuously
Yes, it's an essential element
We ensure end-to-end encryption, in addition to encryption at rest of all data (DB, files, ...), extended backups, authentication, and authorization measures
Yes, environments are completely separated. We generate fake data ourselves for all tests (which is kind of fun!). Production data always stays in Production.
France and Ireland
Legiscope is entirely profitable, we have an extensive customer base which allows us to ensure the continuity of the development of the platform.
No. We have voluntarily implemented a pricing policy that allows us to function in total independence from any specific customer.