Security, availability and personal data protection are our top priority. The ESII organisation has a complete and robust set of policies and procedures that ensure continued information security, legal compliance and business continuity to support our clients.
- Pentest: penetration tests carried out by an authorized company every 6 months.
- Control and correction of the main OWASP25 and SANS100 flaws directly in the source code.
- Access to the ORION platform only through named accounts, via a security bastion, with all actions traced on an independent log server.
- Password control with a centralized tool accessible by two-factor authentication (with verification of password security scores: reliability, password compromise).
- HTTPS and WSS network flows, outgoing only, on ports 443 and 8883.
- Authentication server for the ORION solution, compliant with the recommendations of the French Information Security System Security Agency, protecting against brute-force attacks, blocking after 10 attempts, and with the possibility of SSO identity delegation on OpenID protocols.
- Review and follow-up of internal documentation for all security-related procedures (Technical Architecture Document, Security Insurance Plan, General Security Policy of Health Information Systems…)