• fr
  • us
  • en

The Safety and Security of Yooz

Trust Yooz to protect your data.

The availability and reliability of the Yooz platform and the confidentiality and security of your data are our top priorities.

SSAE16 SOC 1 (ISAE3402) Audits

Yooz completes SSAE16 SOC1 audits once a year to give its customers the highest level of assurance that their data is safe. The auditor’s examination verifies that the Yooz internal processes are properly defined and rigorously monitored to meet the highest operational standards and offer the best quality of service to our customers.

protect-account

Data Security

As with any true SaaS application, all Yooz clients share the same platform. To increase the security and data separation, we manage the data of each customer in a distinct database.

Access to the application is secured via HTTPS for the best level of security. User credentials require a “strong” password and password policy is configurable to match your internal policy.

Yooz is also regularly tested for vulnerabilities by external auditors to prevent any security breach. Among those auditors, Qualys (specializing in information security and compliance) and some of the largest financial audit firms who are also Yooz customers or resellers continuously ensure that Yooz respects their respective compliance requirements.

qualys
picto-protect-data

Best-of-Breed Datacenters

Hosting is a key component for any cloud application that requires unique expertise. Yooz has carefully selected its datacenters based on the quality and security of their infrastructures, service level agreements and their international presence.

The hosting infrastructures can support the high availability of the solution thanks to the redundancy of all critical components and real-time data replication. The measured availability was above 99.9% in the past 12 months.

Our datacenters have the following certifications:

USA
Certifications

  • CJIS
  • DFARS (Defense Federal Acquisition Regulation Supplement)
  • DoD (Department of Defense, DoD) aux niveaux d’impact 5, 4 et 2.
  • FDA CFR Title 21 Part 11 (Food and Drug Administration)
  • FERPA (Family Educational Rights and Privacy Act)
  • FIPS 140-2 (Federal Info Processing Standard)
  • HIPAA/HITECH (Health Insurance Portability & Accountability Act)
  • HITRUST (Health Information Trust Alliance)
  • IRS 1075 (US Internal Revenue Service Publication 1075)
  • ITAR (International Traffic in Arms Regulations) aux États-Unis)
  • MARS-E (Minimum Acceptable Risk Standards for Exchanges, MARS-E)
  • NIST 800-171
  • NIST CSF (National Institute of Standards and Technology)
  • PCI DSS (normes de sécurité des données de l’industrie des cartes de paiement) Niveau 1 version 3.1

International
Certifications

  • CDSA (Content Delivery and Security Association) et CPS (Content Protection and Security).
  • CSA STAR Attestation (Cloud Security Alliance)
  • ISO 9001
  • ISO 20000-1:2011
  • ISO 22301
  • ISO 27001
  • ISO 27017
  • ISO 27018
  • MPAA
  • SOC 1
  • SOC 2

UK
Certifications

  • FACT (Federation Against Copyright Theft)
  • NHS IG Toolkit
  • UK Cyber Essentials PLUS (Cyber Essentials PLUS est un modèle défini par le gouvernement du Royaume-Uni dans le but d’aider les entreprises à se protéger contre les menaces courantes de cyber-sécurité)
  • UK G-Cloud
Chat