by vajenetehais
1790 days ago
On their website they refer to multiple certifications [0].

One of them is the CISPE and on their website, it is stated: "Requirement for CISP: (a) Security measures The CISP will implement and maintain appropriate technical and organisational measures for the CISP’s data centre facilities, servers, networking equipment and host software systems that are within the CISP’s control and are used to provide the CISP’s service (the CISP Network). Those technical and organisational measures should (a) be designed *to help customers secure personal data against unauthorised processing and accidental or unlawful loss, access or disclosure*, and (b) address the security responsibilities of the CISP as set out in Annex A (Security Responsibilities)." [1]

I do not know about other certifications, but this situation seems to be a clear violation of one of the requirements for CISP. The answer to this requirement is disk encryption. Moreover, they are authorized to store medical records and data. I can't imagine that they do this without providing proper disk encryption. In the light of this event, I'm not sure they qualify for all these certifications.

[0] https://www.scaleway.com/fr/a-propos/
[1] https://cispe.cloud/code-of-conduct/
|
It’s possible Scaleway aren’t certified, and are lying about it. Maybe they had an auditor in, maybe not, maybe they have a boatload of nonconformities that they’re not documenting (which you must, if you have them).