At Surfy, the security of information systems is not an option, but an absolute priority. Our Security Assurance Plan (SAP) reflects this unwavering commitment to the protection, integrity, and confidentiality of our clients' data. Through a rigorous approach, advanced authentication technologies, and a robust infrastructure, we ensure proactive defense against threats, while guaranteeing optimal business continuity. Surfy is committed to maintaining and enhancing user trust through impeccable security.
At Surfy, the confidentiality, integrity, and availability of our clients' information are at the heart of our concerns. We adopt a multidimensional approach to protect this essential information through continuous control and improvement of our applications, systems, and processes.
Our hosting centers comply with international security standards such as ISO 27001, SOC 1, and SOC 2/SSAE 16/ISAE 3402, thus ensuring optimal protection of your data, hosted exclusively in France with Microsoft Azure France.
The Surfy web platform is secured by HTTPS, ensuring a secure connection and the protection of your data and passwords during their transit on the Internet.
We ensure that all security patches and fixes are installed immediately, thus guaranteeing the security and redundancy of our database.
User authentication is performed via JWT tokens and individual Office 365 or Google accounts via OAuth2, or enterprise accounts in accordance with the OpenID protocol. Surfy delegates the creation and management of passwords to Auth0, a leader in security.
Surfy is registered with the CNIL under declaration number 1866472 v 0, highlighting our commitment to the protection of personal data.
Our commitments to the security of data and applications hosted on our platform, accessible via https://app.surfy.pro:
Adaptability and Vigilance: At Surfy, security is not just a policy; it's a culture integrated into our daily life. Our dynamic approach ensures quick adaptation to new threats, with a continuous commitment to train and inform our teams on best practices in information systems security (ISS).
Rigorous Resource Management: The meticulous classification and mapping of our IT assets allow us to maintain constant vigilance and apply targeted and effective access management, thus ensuring the maximum protection of sensitive data.
The use of the most advanced authentication technologies, such as electronic certificates and Multi-Factor Authentication (MFA), strengthens our security barrier, preventing unauthorized access to our systems and data.
Physical access control to premises and traceability of visits are rigorously managed to prevent any unauthorized access, thus complementing our IT security with unwavering physical security.
We adopt a proactive security posture through the hardening of IT resources, systematic deployment of critical updates, and a relentless fight against malware, thus ensuring a solid defense against vulnerabilities.
Preparation and Reactivity: Our Business Continuity Plan (BCP) is designed to ensure resilience and rapid recovery of our services in the event of an incident. Thanks to a highly redundant infrastructure and proven backup and restoration procedures, we guarantee continuous availability of our services.
Strengthened Partnerships: Rigorous security management with our subcontractors and partners strengthens our security ecosystem, ensuring a solid trust chain throughout our value chain.
Audit and Improvement: Regular audits, both internal and external, allow us to measure the effectiveness of our security policies and identify areas for improvement, thus ensuring that our security posture continually evolves to counter emerging threats.