
Security at Dastra

Security is an integral part of the structure of our Cloud products, our infrastructure and our processes, so you can be sure that your data is protected.

Two-factor authentication required

All organization owners have the ability to force the use of two-factor authentication.

Authorization list of IP addresses

Organization owners can restrict connections to the application using IP whitelisting.

Secure cloud hosting

All of your data is stored in Microsoft Azure, in hosting resources located in France and the Netherlands.

Encryption of data in transit

All data exchanged between our customers and applications is encrypted in transit using the TLS (Transport Layer Security) protocol with PFS (Perfect Forward Secrecy). The certificate authority is Cloudflare, Inc.

Data encryption at rest

The data disks on the servers hosting customer data in the Azure cloud are all encrypted at rest using "Transparent data encryption" technology.

Files are also encrypted at rest in the Azure Storage service with transparent 256-bit AES encryption, one of the strongest algorithms available, which is FIPS 140-2 compliant.

Organization audit logs

Organization administrators can track all changes to user management and access permissions.

Unique identifiers

Each user has a unique identifier and the use of accounts shared between several users is not authorized.

Data backup

All of the data (Azure SQL) and files (Azure Blob Storage) of our users are regularly backed up with a history of one month.

Data archiving rules

In the case of an account deletion, the data is kept for 1 month before its final deletion.

Password rules

At least 8 characters comprising 3 of the 4 types of characters (uppercase, lowercase, numbers, special characters).

Delay in accessing the account after several failures.

Encryption of passwords in databases with strong encryption rules.

API token controls

View and manage all API keys used by developers in your organization.

Full access control

Use of the role-based access control (RBAC) model for access management. The person in charge of the organization is able to choose the roles and permissions of each user.

Secure authentication based on OpenIdConnect for all of our sites

OpenID is a decentralized authentication system that enables single sign-on, as well as attribute sharing. It allows a user to authenticate with several sites (which must support this technology) without having to remember an identifier for each of them, using a single OpenID identifier each time.

Last updated 1 year ago


The authentication authority uses IdentityServer4 technology to ensure the authentication of all our users.

https://account.dastra.eu