Even though more than 85% of companies have compliance systems, nearly 60% of them are only partially up to date with their obligations (source: study on the state of play in terms of compliance and anti-corruption in companies, French Association of Corporate Lawyers (AFJE) and Ethicorp.com, 2020).

Corporate security and compliance are subjects that are still little or poorly mastered within companies. Yet they are very important.

In this article, the Hyperlex team explains why.

Security and ISO/IEC 27001:2013 certification

Since the beginning of Hyperlex's history, security has been at the forefront. Alexandre Grux, CEO of Hyperlex, says it himself:

Since its creation, Hyperlex has placed safety at the heart of its DNA.

Each new employee who starts the Hyperlex adventure receives a (beautiful) sweatshirt, but more importantly a list of security instructions. Employees commit to these instructions by signing the IS (information systems) charter.

This "newcomer's guide" explains the importance of encrypting computer data and of choosing strong passwords, but also that workstations must always be locked when not in use, and that visitors are received according to a specific procedure, among other rules.

In particular, Hyperlex has carried out:

  • The zoning of its premises, with access by badge.
  • An equipment accountability policy: no sensitive equipment is left unattended in the office, to avoid asset theft.
  • Encryption of computers containing sensitive information.
  • A review of its software suppliers to ensure that they are secure.

As a result, the Hyperlex team was able to inventory the company's assets, identify the scope to be certified, and identify and meet the applicable legal and regulatory requirements.

The ISO/IEC 27001:2013 certification is intended for companies that have implemented rigorous security procedures on all the points explained above. Each security procedure is genuinely followed up: it is recorded, analysed and regularly checked. Hyperlex has obtained this certification! Read our press release.

🤔 Did you know? ISO/IEC 27001:2013 certification has so far been awarded to a still small number of organisations in France (392), but it tends to spread more and more over time, as information becomes more and more digitised.


👉 Also read: How to protect your contractual data in the cloud era?

Compliance, definition

Compliance is the set of processes designed to ensure that a company complies with the standards for the protection of data in all its forms. This data may belong to people inside the company or outside it, and may be processed by the company itself or by its subcontractors.


Who is responsible for enforcing compliance?

Every company must appoint a compliance officer, who is responsible for ensuring that ethical or CSR (corporate social responsibility) codes, anti-fraud measures, etc. are properly implemented. The compliance officer must ensure that employees apply the correct internal processes.


👉 Webinar to watch or review: Securing corporate legal data in the cloud


The GDPR, a telling example of compliance

The GDPR (General Data Protection Regulation), applicable since 25 May 2018, is a law that aims to protect personal data, whether the person can be identified directly (first name, surname, etc.) or indirectly (telephone number, identifier, etc.).

Thus, all organisations or companies collecting data are subject to this law, regardless of their sector of activity or size. The aim is to strengthen the rights of individuals, to make organisations that collect and process data accountable, and to have these organisations cooperate with each other so that information passing through them is securely tracked.

This data collection may happen on a daily basis via forms, questionnaires or other means. It is therefore necessary, as required by the CNIL, to respect people's rights to consult or delete their data, to sort that data and, above all, to secure it.

👉 Read also: How to secure your contractual relations?

ISO/IEC 27701:2019

In recent years, the volume of information has increased considerably, and consequently the associated risks have increased as well.

This is why VSEs and SMEs want to acquire proof of the reliability of their personal data security: the certification extension ISO/IEC 27701:2019.

So what is this famous certification?

ISO/IEC 27701:2019 certification is an extension of ISO/IEC 27001:2013 certification which, in addition to security in the broadest sense, also covers the protection of personal information. The need for data security has grown steadily since data became digitised, and it is now essential to respect the requirements of the people from whom the information was collected.

This certification demonstrates to a company's customers and partners that the company has put in place the most appropriate means to protect their data. This can be seen in the monitoring of each piece of data in the context of processing carried out by the company (e.g. processing of personal data from a video surveillance system, or when taking over contracts), but also when this information is outsourced.

There is therefore a strict procedure that is followed when working with a new subcontractor, checking:

  • Whether it is certified ISO/IEC 27701:2019 or SOC 1, 2 or 3 (Service Organization Control).
  • Whether it complies with the privacy guidelines from the outset.
  • Whether its data storage is located in the European Union (outside the EU, the law does not apply in the same way and the subcontractor is therefore not subject to the same regulations).
  • What its processes and methods for handling personal data are.

To link this with the GDPR, ISO/IEC 27701:2019 certification requires companies like Hyperlex to monitor this information as closely as possible, recording each piece of information and especially each request to consult or delete that information, whether handled by our organisation or by a subcontractor.

It is therefore important, when a customer requests the deletion of personal data, to register the request, notify the processor and inform the customer. All these procedures allow for maximum control and monitoring of how personal information is respected.

Thus, we have complete traceability in a file that shows that each step has been carried out with the greatest possible precision and rigour.
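The three-step deletion procedure just described (register the request, notify the processor, inform the customer) and the traceability file it produces can be made tamper-evident with a hash-chained register. The following is an added example written for this article, not Hyperlex's own tooling: the `ErasureRegister` class, the step names, the request identifier `REQ-0001` and the e-mail addresses are all constructed for illustration. Each entry's hash covers the previous entry, so any later edit to the file breaks verification, and the step order is enforced so a request cannot be marked as "customer informed" before the processor was notified.

```python
import hashlib
import json
from datetime import datetime, timezone

# Hash of "nothing" used as the predecessor of the first entry (constructed constant).
GENESIS = "0" * 64


def _entry_hash(prev_hash, body):
    """SHA-256 over the previous entry's hash and the canonical JSON of this entry's body."""
    payload = prev_hash + json.dumps(body, sort_keys=True)
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


class ErasureRegister:
    """Append-only, hash-chained register of personal-data deletion requests.

    Hypothetical implementation of the traceability file described in the article.
    The allowed steps mirror the procedure: register, notify processor, inform customer.
    """

    STEPS = ("received", "processor_notified", "customer_informed")

    def __init__(self):
        self.entries = []

    def record(self, request_id, step, actor, timestamp=None):
        """Append one step for a request; raises ValueError if the step is unknown or out of order."""
        if step not in self.STEPS:
            raise ValueError(f"unknown step: {step}")
        done = [e["step"] for e in self.entries if e["request_id"] == request_id]
        expected = self.STEPS[len(done)] if len(done) < len(self.STEPS) else None
        if step != expected:
            raise ValueError(f"{request_id}: expected step {expected!r}, got {step!r}")
        prev_hash = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {
            "request_id": request_id,
            "step": step,
            "actor": actor,
            "timestamp": timestamp or datetime.now(timezone.utc).isoformat(),
        }
        entry = dict(body, prev_hash=prev_hash, hash=_entry_hash(prev_hash, body))
        self.entries.append(entry)
        return entry

    def verify(self):
        """Recompute the chain; returns False if any entry was altered, removed or reordered."""
        prev_hash = GENESIS
        for e in self.entries:
            body = {k: e[k] for k in ("request_id", "step", "actor", "timestamp")}
            if e["prev_hash"] != prev_hash or _entry_hash(prev_hash, body) != e["hash"]:
                return False
            prev_hash = e["hash"]
        return True

    def status(self, request_id):
        """'completed' once all three steps are recorded, otherwise the last recorded step."""
        steps = [e["step"] for e in self.entries if e["request_id"] == request_id]
        if len(steps) == len(self.STEPS):
            return "completed"
        return steps[-1] if steps else "unknown"

    def to_jsonl(self):
        """Serialise the register as JSON lines, the form in which it would be archived."""
        return "\n".join(json.dumps(e, sort_keys=True) for e in self.entries)


def demo():
    """Walk one constructed deletion request through the full procedure."""
    reg = ErasureRegister()
    # Constructed sample data: request id, actors and timestamps are illustrative only.
    reg.record("REQ-0001", "received", "support@example.test", "2024-01-10T09:00:00+00:00")
    reg.record("REQ-0001", "processor_notified", "dpo@example.test", "2024-01-10T10:30:00+00:00")
    reg.record("REQ-0001", "customer_informed", "dpo@example.test", "2024-01-11T08:15:00+00:00")
    return reg


if __name__ == "__main__":
    register = demo()
    print(register.to_jsonl())
    print("chain valid:", register.verify(), "| REQ-0001:", register.status("REQ-0001"))
```

Verification reads the archived file back and recomputes every hash, so an auditor can confirm that the recorded steps are exactly those that were taken and in that order; a register kept as plain rows offers no such guarantee.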
