More than a GDPR compliance…
The boom in process digitalization, big data and the IoT has spurred an exponential increase in data production. The volume of data worldwide has risen to 15 zettabytes and personal data represents a growing share of that total.
The European Union established the General Data Protection Regulation (GDPR) to protect and safeguard its citizens’ personal data. The GDPR is forcing major changes in how public and private organizations manage data. Those organizations are now responsible for ensuring that data is used in a reasonable, transparent way, that it is securely stored and that users have easy access to their data along with the ability to review, modify or delete personal information.
Our mission has always been to protect people, along with their goods and their data, by securing their identity and access. For more than 20 years, our development policy has been based on open technology and public-key cryptography standards, ensuring that all of our products and solutions comply with current GDPR requirements in complete transparency.
More than GDPR compliance…
The boom in process digitalization, big data and the IoT has spurred an exponential increase in data production. The volume of data worldwide has risen to 15 zettabytes and personal data represents a growing share of that total.
The European Union established the General Data Protection Regulation (GDPR) to protect and safeguard its citizens’ personal data. The organizations are now responsible for ensuring that data is used in a reasonable, transparent way , that it is securely stored and that users have easy access to their data along with the ability to review, modify or delete personal information.
Our mission has always been to protect people, along with their goods and their data, by securing their identity and access. For more than 20 years, our development policy has been based on open technology and public-key cryptography standards, ensuring that all of our products and solutions comply with current GDPR requirements in complete transparency.
Welcome to High Security
As a forerunner in the field of high-level security – STid was the first manufacturer to receive top-level security certification* from France’s National Cybersecurity Agency (ANSSI) – we were a recognized leader in data protection long before the introduction of the GDPR:
|
*Certified reader: LXSW33EPH57AD1 –ANSSI-CSPN-2013/03 certificate dated March 19, 2013.
GDPR compliance of your access control system
User management: the role of organizations
|
Links in the access control value chain: the role of manufacturers and integrators
|
Data: the role of organizations
|
A compliant, end-to-end solution
|
|
|
|
|
|
|
|
|
|
|
|
|
All data transfers are conducted via encrypted communication based on public algorithms that comply with France’s General Security Guidelines (RGS), to ensure the integrity and confidentiality of information exchanges.
Our goal is to help you bring your entire solution into compliance
STid is a keylink in the ecosystem of your access control solution.
Since the reader is the only visible part of an access control system, it must withstand the physical and logical attacks of threats
that would compromise secure access to your organization and the confidentiality of your information.
To ensure a secure link to the system, STid has developed the first protocol certified by ANSSI.
With the SSCP protocol, your organization guarantees the confidentiality and integrity of end-to-end information.
Certifications by independent bodies
We’re the first manufacturer to receive ANSSI’s top-level security certification (CSPN), and we offer solutions that comply with ANSSI’s leading architecture. We are audited regularly by independent certification bodies, such as Phonesec or as Cogiceo, which verify the security and protection level of our solutions.
Our data and those of our customers are hosted on two hosting services that set the standard when it comes to security. We require that they meet the most stringent standards on the market:
-
HADs and PCI-DSS certifications, SOC 1 TYPE II / SOC 2 TYPE II attestations and ISO 27001 / 27002 / 27005 standards – Security of hosting, access and processing data and information
-
Protection anti-DDoS – Data access security and durability
-
STAR self-assessment - Cloud Security Alliance - Cloud computing environment security
-
VMware certification and OpenStack Powered – Cloud architecture security certifications from virtualization and cloud computing market leading
-
APSAD certification – Data hosting areas and facilities protection
Three data storage methods,
one level of compliance
Our customers can choose to have their data hosted in one of three ways:
-
on their own servers*,
-
offline,
-
online on the secure servers operated by our partner hosting services.
As a result, our integrator customers can meet the security policies of even the most demanding organizations while ensuring the very highest level of data protection.
*If the data is hosted on our customers’ local servers or by their own hosting companies, we guarantee the integrity of our security exclusively across the communications chain for which we are responsible.
Helpful info
Why is it important for companies to comply with the GDPR?
Companies are collecting and processing personal data on an increasingly massive scale. Numerous cases of harmful disclosure have made headlines worldwide, with serious adverse consequences for those involved. It is important for all of us to be able to manage our data security and be assured that our data is protected. The European Union adopted the GDPR for just that purpose. Companies that fail to comply with its provisions can pay a heavy price, including fines of up to 4% of their annual global revenue.