Security, availability and personal data protection are our top priorities. The ESII organisation has a complete and robust set of policies and procedures that ensure continued information security, legal compliance and business continuity to support our clients.
- Pentest: penetration tests carried out by an authorized company every 6 months.
- Control and correction of the main OWASP25 and SANS100 flaws directly in the source code.
- Access to the ORION platform by named accounts only, through a security bastion, with all actions traced on an independent log server.
- Password control with a centralized tool accessible by double authentication (with verification of password security scores: reliability, password compromise).
- Network flows are OUTGOING only, over HTTPS and WSS, on ports 443 and 8883.
- Authentication server for the ORION solution that complies with the French Information Security System Security Agency recommendations, protects against brute-force attacks, blocks after 10 attempts and offers the possibility of SSO identity delegation on OpenID protocols.
- Review and follow-up of internal documentation for all security-related procedures (Technical Architecture Document, Security Insurance Plan, General Security Policy of Health Information Systems…)




