Security and Privacy
With over 450 customer references and 2.1M users, Jalios counts among its customers many organizations for whom data security and confidentiality are major issues.
Whether in healthcare, banking and insurance, industry or public services, Jalios solutions meets the most stringent requirements in terms of security and confidentiality.
Security by design and security management: processes at every level
Jalios implements security at application, infrastructure and physical levels, with processes to ensure the security of its products throughout their lifecycle.
- A dedicated cross-functional team
- Awareness-raising and training for all Jalios employees
- Reliable processes and security patches
- Regular audits and penetration tests
- A dedicated community for customer CISOs
An ANSSI CSPN-certified solution available in SecNumCloud
Jalios is the first collaborative solution to obtain CSPN certification in 2021 for its JPlatform technical foundation. The management of sensitive data is one of the development pillars of Jalios' strategy:
- Jalios is a winner of BPI France's SecNumCloud qualification scheme, which is part of the France 2030 cloud acceleration strategy.
- The solution is already available in the SecNumCloud region on the 3DS Outscale marketplace
- The regional SecNumCloud solution has been chosen by DINUM, AMF, INSEE, etc.
- Jalios teams are also committed to ISO 27001 certification.
Digital sovereignty: rely on resilience and diversity with Jalios
A 100% French publisher for over 20 years, Jalios offers a sovereign and independent solution, not subject to extraterritorial laws (Cloud Act, Patriot Act, etc.). For Jalios, sovereignty goes much further: sovereignty of choice is built into the very architecture of the solution:
- With JServices, you can choose your suppliers for uses such as: office automation, cartography, translation, AI, etc.
- The multicloud solution lets you choose your cloud, on-premise or hybrid infrastructure.
These elements guarantee you total control over your data, even when you use third-party services.
NIS2: Jalios enables you to better manage your sensitive data
Thanks to its architecture and design, the Jalios Digital Workplace acts as a true governance platform, reinforcing your organization's security. It thus addresses the requirements imposed by the new NIS2 directive:
- 21.2.a : Risk analysis and information systems security policies
- 21.2.d : Supply chain security
- 21.2.g: Cyber hygiene and cyber security training
- 21.2.i : Security of human resources, access control policies and asset management
- 21.2.j : Solutions for multi-factor or continuous authentication, secure voice, video and text communications, and secure emergency communication systems
RGPD et confidentialités des données
Jalios considers data protection to be essential and is fully committed to complying with regulations including that of the RGPD (or GDPR in English).
As a software publisher, and unlike some consumer solutions, Jalios does not make commercial use of the data on its customers' platforms: you own your data and can retrieve it at any time.
For customers who need to manage confidential and personal data on their platforms, whether Intranet, Digital Workplace, extranet or corporate social network, etc., Jalios implements a wide range of solutions. Jalios implements numerous tools and functionalities to help them comply with the RGPD.
Contact our teams to find out more.
FAQ
-
What is CSPN?
The First-Level Security Certification (CSPN), also known as the "ANSSI Security Visa," is one of the certifications issued by the French National Cybersecurity Agency (ANSSI) for information technology products. Established by ANSSI in 2008, CSPN certifies that a product (software, operating system, appliance, hardware, etc.) has successfully undergone a security evaluation by an ANSSI-approved evaluation center (CESTI).
CSPN consists of "black-box" tests conducted under constrained time and conditions. It serves as an alternative to Common Criteria evaluations, which can be costly and time-consuming, particularly when a lower level of confidence is acceptable. This certification is based on criteria, methodology, and a process developed by ANSSI.
-
What is SecNumCloud?
SecNumCloud is a security qualification proposed by ANSSI (National Cybersecurity Agency of France) to enhance the security of Cloud services. It applies to all cloud operators offering services in PaaS (Platform as a Service), IaaS (Infrastructure as a Service), or SaaS (Software as a Service).
The SecNumCloud security requirements encompass a comprehensive set of best practices from technical, operational, and legal perspectives. Compliance is verified by audit providers approved by ANSSI (PASSI).
-
What is NIS2?
The NIS2 Regulation is an update to the NIS Directive adopted by the EU in 2016. Published in December 2020, it aims to strengthen cybersecurity across EU member states.
Highly ambitious, its implementation aims to help thousands of entities better protect themselves, especially in sectors deemed essential for societal and economic stability. It seeks to broadly mobilize the national economic fabric and the public sector in the face of increasing cyber threats.
The scope of the NIS2 directive addresses several key areas to enhance defense and response capabilities in cybersecurity:
- Risk management and security measures: Procedures for risk management and appropriate security measures to mitigate identified risks.
- Incident reporting and response: specific protocols for reporting cyber incidents to ensure rapid and detailed communication with national competent authorities.
- Supply chain security: procedures focusing on the interconnected nature of modern business operations.
- Cybersecurity training and awareness: regular training and awareness programs to promote a culture of cybersecurity at all organizational levels.
-
What is GRPD?
Adopted in May 2018, the General Data Protection Regulation (GDPR) strengthens and unifies the protection of personal data for individuals within the EU, defining specific obligations to ensure the protection of data entrusted to organizations.
It applies to any organization, public or private, that processes personal data on its behalf or otherwise, as long as it is established within the European Union or targets European residents. The GDPR also applies to subcontractors processing personal data on behalf of other organizations.
The regulation dedines:
- Personal data as "any information relating to an identified or identifiable natural person."
- Processing of personal data as "an operation or set of operations performed on personal data, regardless of the method."
Discover Jalios Workplace for free
Enjoy unlimited access to all features and services of our Jalios Workplace solution for 30 days.