Scalingo, first French and European PaaS ISO 27001 and HDS certified.

For Scalingo, the protection of our user's data and privacy has always been a priority, and we are constantly working to improve this.

That's why we are today happy to announce that after a long period of preparation and auditing of all kinds, Scalingo is officially certified HDS (Health Data Hosting Company) and ISO 270001 !

This means that as of now, Scalingo as a company is ISO 27001 compliant and that our services are HDS certified, allowing the hosting of health data on the platform (in France).

In this article, we will go into more detail to explain what these certifications mean, and what opportunities they could represent for you. As a reminder, earlier this year we published the first article about these certifications and our adopted strategy.

What are certifications?

Certification is when an independent and recognized body provides written assurance that an organization, product, or service conforms to requirements specified in a standard.

Thus, certification is a voluntary process on the part of an organization, which aims to obtain a guarantee of quality in the broadest sense for their users.

These certifications serve as an intermediary between Scalingo and our users and provide third-party validation that our system security and data privacy practices are consistent with the expected standards.

What is the purpose of the ISO 27001 standard?

To begin with, ISO 27001 is a standard developed by the International Organization for Standardization. These ISO standards are recognized by many experts and have international value.

The ISO 27001 standard in question is the information security management standard and aims to provide requirements for organizations with regard to their information security management system (ISMS).

An ISMS can be defined as a set of written rules in the form of policies, procedures or other documents, to implement information security.

This standard then implies the implementation of a set of procedures defined by the experts of the International Standards Organisation, to ensure a high level of information security management.

What about HDS certification?

The HDS certification stands for "Health Data Host" and was developed by the ANSSI (Agence Nationale de la Sécurité des Systèmes d'Information).

HDS is a French certification that focuses on protecting the confidentiality of personal data, including health data. Its main axes are the guarantee of quality and continuity of service.

This certification is essential for companies working with sensitive data related to health, and thus allows these users to choose Scalingo as a host for this data.

Please note that ISO 27001 is a mandatory requirement for HDS certification.

What is the scope of Scalingo's HDS certification?

Scalingo is certified for all HDS activities, namely:

Provision and maintenance in operational condition of physical sites to host the physical infrastructure of the information system used for processing health data;
Provision and maintenance in operational condition of the physical infrastructure of the information system used for processing health data;
Provision and maintenance in operational condition of the information system’s application hosting platform;
Provision and maintenance in operational condition of the virtual infrastructure of the information system used for processing health data;
Administration and operation of the information system containing the Personal Health Data;
Outsourced backups of health data.

What does this mean for our users?

Today, Scalingo as an organization is ISO 27001 certified, and our services are HDS certified.

This means for our users that our platform has a specific guarantee by independent organizations, certifying the quality of service.

This provides added value for all Scalingo users at no additional cost. Moreover, for the users concerned, HDS now allows the practice of activities related to the health domain on the Scalingo PaaS.

What changes?

The only change related to certifications is the update of our general terms of service.

Indeed, to comply with expectations and obtain the certifications, some changes on our terms of service have occurred.

In order to understand more about these changes, we have written an article entirely dedicated to this subject, explaining in detail this subject and the terms of acceptance.