
Regulatory compliance

Deltablot Regulatory Compliance

Cyber Essentials

Deltablot has the Cyber Essentials certification. This certificate indicates that the necessary measures have been taken to ensure a high level of security for the infrastructure and administration processes and, consequently, for your data.

You can see the certificate here.

HIPAA Compliance Statement

This part applies to the eLabFTW PRO Hosting service provided by Deltablot.

Encrypted data transfer

When transferred over the network, all data is encrypted with modern encryption ciphers (TLS 1.2) and large (2048-bit) Diffie-Hellman parameters. The TLS configuration is rated A+ by Qualys.

Physical security of data

For clients in the European Union with servers in France:

Your data is stored in a datacenter with the following certifications:

  • ISO 27001
  • ISO 50001
  • HDS

You can learn more about the Security Policy of the cloud provider here.

For clients in North America with servers in Canada or the USA, you can learn more about the cloud provider certifications here.

Remote backup of data

Your data is also copied to a server in Zurich, Switzerland. The data is encrypted during the transfer and also at rest, with a long and unique passphrase. The service used for this is Rsync.net, and you can see their compliance here (more links in their footer).

Access to data

Only you and Nicolas CARPI, CEO, can access your data.

Written contingency plan

A contingency plan has been written to allow fast recovery of the data and restoration of the service in case of emergency.

GDPR

The General Data Protection Regulation (EU) 2016/679 (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA) (source: Wikipedia). The privacy page details how personal data is collected, why, and for how long.

ISO 27001

ISO/IEC 27001:2013 (also known as ISO27001) is the international standard that sets out the specification for an information security management system (ISMS). The Deltablot company is currently in the process of obtaining this certification.

PCI

Users can pay by credit card through Stripe. You can learn more about security at Stripe on this page. Deltablot neither processes nor stores credit card information.

© Deltablot 2023