Security

HOSTING

Our site is hosted by Amazon Web Services (AWS), which is one of the most recognized hosting companies in the world. This hosting gives us several advantages:

  • Secure infrastructure
  • Dynamic capacity: servers automatically adjust when additional capacity is needed or when there is a production peak on our platform, preventing outages and loss of access to your account and data.
  • Servers and replacement environments: the servers are located on three different sites, which means that if one of them breaks down, the other two take over instantly. If the breakdown causes Stafiz to stop working on one of the sites, the settings allow a new environment to be recreated in a few minutes.

SECURITY MEASURES

The security of the site is ensured by various means:

  • Hosting security: see above
  • System security: Stafiz software is developed on Laravel, which builds many levels of security into its core functions.
  • Cybersecurity: the software code is protected against all "classic" hacking attacks: SQL injections, cookie theft, MITM, XSS, etc.
  • HTTPS connection: RSA 2048 bits (SHA256withRSA). We have an A rating on SSL Labs.
  • Activity on the platform is carried out through secure logins, and alerts are automatically sent to our teams when an action triggers one of the many security checks we have defined.
  • Confidential data (names, passwords, etc.) are encrypted.

Our software has been audited by an external consulting firm that performs pen tests on the code. These audits are repeated regularly as lines of code are added to the software, especially when complete modules are added.

RIGHT OF ACCESS

User access rights are set by your company's administrators. If a user tries to access a page for which they are not authorised, they will be blocked and an alert will be sent to our technical/security services for investigation.

SERVICES

DILYNX SAS undertakes to keep the service operational and online 24 hours a day, 7 days a week and 365 days a year, with an average annual availability rate of 99.8%.

Penalties may be requested if this commitment is not met: the fixed amount of the penalties shall be equal to 30% of the monthly fee for the period during which the rate of unavailability was higher than the contractual commitment. In order to benefit from the penalties, the Customer must request them in writing from Stafiz within 5 (five) working days following the observation of the non-compliance with said commitments.

Any incident can be communicated to Stafiz by phone or email.
Each time an incident is opened, a unique identifier is given to it to ensure that the incident is followed up until it is closed. All processing of an incident begins with a classification:

  • Blocking incident: an essential functionality can no longer function even partially. The deadline for resolution or implementation of a workaround is 1 working day from the time the incident is reported.
  • Inconvenient incident: the service is disrupted but can function, although the level of service cannot be guaranteed. The resolution time is 3 working days from the time the incident is reported.
  • Minor incident: the service is not disrupted and can operate with the level of service provided. The response time is 30 working days from the reporting of the incident.

BACKUPS AND REVERSIBILITY

All the data you entrust to us is recorded using the AWS RDS system, and the data is replicated on several servers spread over several geographical areas (in France) to ensure maximum security against loss.

Copies of the database are made daily and retained for 30 days.

As Stafiz users, you can also extract all of your data at any time via the export pages made available in the tool. Data reversibility is available during the subscription or up to 30 days after the end of the subscription to the services.