Archidata Trust Center
Documents
Policy Statements
-
Data Encryption Archidata maintains a strict Encryption Policy governing the use of cryptography to protect sensitive data.
This policy applies equally to client information and internal assets. All sensitive data, whether at rest or in transit, is systematically protected through encryption mechanisms that comply with recognized security standards. -
Asset ManagementArchidata maintains a formal Asset Management Policy that governs the identification, classification, usage, and protection of information assets.
-
Access Control Archidata maintains an Access Control Policy that governs the assignment, management, and revocation of access rights to systems, data, and critical resources.
Access is granted based on the principle of least privilege, aligned with operational roles and responsibilities. Authentication, traceability, and periodic review mechanisms are in place to ensure compliance and reduce the risk of unauthorized access. -
Acceptable Use Archidata maintains an Acceptable Use Policy that governs the responsible use of assets, prohibits unauthorized or malicious activities, and outlines user obligations regarding security, confidentiality, and compliance.
-
Third-Party ManagementArchidata maintains a Third-Party Management Policy that defines security, confidentiality, and compliance requirements, applicable from the initial selection through the entire contractual lifecycle with external providers.
This policy helps mitigate risks associated with third-party dependencies and supports a strong security posture. Monitoring mechanisms and periodic reviews are also in place to ensure that third parties meet the expected standards. -
Incident Management Policy & Business Continuity PlanArchidata maintains an Incident Management Policy and a Business Continuity Plan designed to ensure operational resilience in the event of a disruptive incident.
Security incidents are detected, logged, analyzed, and handled according to established procedures.
The continuity plan includes recovery scenarios, defined responsibilities, and periodic testing mechanisms to minimize service interruptions and ensure the availability of essential operations. -
Data HostingArchidata’s client data is hosted on Microsoft Azure, a certified cloud platform that meets the highest standards of security and compliance.
This data is encrypted both at rest and in transit, and stored in data centers located in jurisdictions aligned with applicable regulatory requirements.
Azure holds internationally recognized certifications such as ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, SOC 1/2/3, CSA STAR, FedRAMP, GDPR, and HIPAA, ensuring a secure and auditable environment for hosting sensitive information.
For additional, more specific details regarding Microsoft Azure security, please refer to : https://www.microsoft.com/en-ca/trust-center -
Cybersecurity Management PlanArchidata’s Cybersecurity Management Plan is structured around an Information Security Management System (ISMS) based on the international standard ISO/IEC 27001.
This framework is designed to ensure confidentiality, integrity, and availability of data, while supporting the resilience of digital operations.
The ISMS enables the identification, assessment, and treatment of information security risks through formal policies, technical and organizational controls, and continuous monitoring and improvement mechanisms. -
PasswordArchidata enforces a strict Password Policy to strengthen the security of system and data access.
Passwords must meet complexity requirements, include a minimum number of characters, and be changed periodically.
Protective mechanisms against unauthorized access attempts—such as account lockout and multi-factor authentication (MFA)—complement this approach to ensure the confidentiality and integrity of information -
Security PolicyArchidata has a rigorous security policy designed to protect information, systems, and users.
This policy establishes the principles, measures, and responsibilities necessary to ensure the confidentiality, integrity, and availability of data. It is based on the international standard ISO/IEC 27001, providing a structured and globally recognized approach to information security management.
Privacy of Personal Data
In accordance with Quebec Law 25 on the confidentiality of personal data, Archidata commits to respect the personal data of its users and to put in place specific measures to ensure their protection. The data we collect is processed transparently in accordance with current regulations. We only use them for the purposes for which they were collected, namely the proper functioning of our websites and the analysis of browsing data.
What types of personal data are collected by the Archidata Solution?
Archidata collects the minimum amount of information about users of its platform: their name, company name, professional email (required) and professional telephone number (optional). This data is used exclusively to be able to contact users regarding their actions on the Archidata platform (for example, sending automated orders or approval requests by email, contact by email or telephone regarding a connection problem, etc.). This data is in no way used for solicitation and is not shared with third parties.
Does the Archidata Solution use cookies on its site?
Archidata uses session cookies on the Archidata Solution. Cookies are small files that are saved on the user's device (smartphone, computer, tablet) and which allow communication with a server. Session cookies are temporary and only last during the user's visit to the Website; they are destroyed when disconnecting from the site. These cookies act as trackers to allow a user's progress to be followed from page to page.
Please note that no cookies are used on the Archidata corporate site.
How are session cookies used in the Archidata Solution?
In the Archidata Solution, session cookies are used to control users' access and editing rights to modules and portions of the site. Their purpose is to protect the integrity of our customers’ database.
Session cookies are linked only to the user's ID and work email address (required) and work phone number (optional).
Why does the Archidata Solution not ask for consent and offer cookie personalization options?
The type of cookies used by the Archidata Solution do not require consent or personalization because they are strictly necessary for the operation of the website and are used to provide a service that has been explicitly requested by users.
Archidata wishes to reassure users of its Solution: cookies are destroyed upon disconnection so that no data is retained. In addition, cookies are only linked to the user's Archidata identifier, no other data is associated with them.
How are the accounts of past users who have become inactive on the Archidata Solution managed?
|
Collection |
Procedure at the time of account closure |
Use of data after account closure |
|
|---|---|---|---|
|
Name |
All (required) |
Name and password changed to prevent login |
Used to keep track of change histories. If a user is deleted, all actions they have performed on the site will be deleted along with the account. Deletion is therefore impossible. |
|
Business email |
All (required) |
Email address changed |
|
|
Business phone |
Optional |
Deleted phone number |
N/A |
How is client data managed by Archidata?
Archidata has contact information for current, past and potential clients. These people can be contacted for billing, to transfer news to Archidata, to send birthday wishes. This information is under no circumstances shared with third parties or transferred outside of Quebec.
Any person contacted can write at any time to ask to be removed from the mailing list and to destroy the information.
How to find out more?
To learn more about our enhanced privacy policy, please contact our Privacy Officer:
Isabelle Tremblay
Vice-President, Major Accounts
itremblay@archidata.com
1-514-876-1770