-
Data Encryption
Archidata maintains a strict Encryption Policy governing the use of cryptography to protect sensitive data.
This policy applies equally to client information and internal assets. All sensitive data, whether at rest or in transit, is systematically protected through encryption mechanisms that comply with recognized security standards.
-
Asset ManagementArchidata maintains a formal Asset Management Policy that governs the identification, classification, usage, and protection of information assets.
-
Access Control
Archidata maintains an Access Control Policy that governs the assignment, management, and revocation of access rights to systems, data, and critical resources.
Access is granted based on the principle of least privilege, aligned with operational roles and responsibilities. Authentication, traceability, and periodic review mechanisms are in place to ensure compliance and reduce the risk of unauthorized access.
-
Acceptable Use
Archidata maintains an Acceptable Use Policy that governs the responsible use of assets, prohibits unauthorized or malicious activities, and outlines user obligations regarding security, confidentiality, and compliance.
-
Third-Party ManagementArchidata maintains a Third-Party Management Policy that defines security, confidentiality, and compliance requirements, applicable from the initial selection through the entire contractual lifecycle with external providers.
This policy helps mitigate risks associated with third-party dependencies and supports a strong security posture. Monitoring mechanisms and periodic reviews are also in place to ensure that third parties meet the expected standards.
-
Incident Management Policy & Business Continuity PlanArchidata maintains an Incident Management Policy and a Business Continuity Plan designed to ensure operational resilience in the event of a disruptive incident.
Security incidents are detected, logged, analyzed, and handled according to established procedures.
The continuity plan includes recovery scenarios, defined responsibilities, and periodic testing mechanisms to minimize service interruptions and ensure the availability of essential operations.
-
Data HostingArchidata’s client data is hosted on Microsoft Azure, a certified cloud platform that meets the highest standards of security and compliance.
This data is encrypted both at rest and in transit, and stored in data centers located in jurisdictions aligned with applicable regulatory requirements.
Azure holds internationally recognized certifications such as ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, SOC 1/2/3, CSA STAR, FedRAMP, GDPR, and HIPAA, ensuring a secure and auditable environment for hosting sensitive information.
For additional, more specific details regarding Microsoft Azure security, please refer to : https://www.microsoft.com/en-ca/trust-center
-
Cybersecurity Management PlanArchidata’s Cybersecurity Management Plan is structured around an Information Security Management System (ISMS) based on the international standard ISO/IEC 27001.
This framework is designed to ensure confidentiality, integrity, and availability of data, while supporting the resilience of digital operations.
The ISMS enables the identification, assessment, and treatment of information security risks through formal policies, technical and organizational controls, and continuous monitoring and improvement mechanisms.
-
PasswordArchidata enforces a strict Password Policy to strengthen the security of system and data access.
Passwords must meet complexity requirements, include a minimum number of characters, and be changed periodically.
Protective mechanisms against unauthorized access attempts—such as account lockout and multi-factor authentication (MFA)—complement this approach to ensure the confidentiality and integrity of information
-
Security PolicyArchidata has a rigorous security policy designed to protect information, systems, and users.
This policy establishes the principles, measures, and responsibilities necessary to ensure the confidentiality, integrity, and availability of data. It is based on the international standard ISO/IEC 27001, providing a structured and globally recognized approach to information security management.
In accordance with Quebec Law 25 on the confidentiality of personal data, Archidata commits to respect the personal data of its users and to put in place specific measures to ensure their protection. The data we collect is processed transparently in accordance with current regulations. We only use them for the purposes for which they were collected, namely the proper functioning of our websites and the analysis of browsing data.