With the GDPR now in force, discover our current projects through this series of questions and answers with Xavier Vanmeerbeck, our Chief Information Security Officer.
What are your responsibilities as Chief Information Security Officer?
I have to ensure that the data we process for meeting scheduling, including personally identifiable information, are well protected. Those actions are done at several levels:
- Application of security policies and procedures
- Continuous training and security awareness of staff
- Risk analysis and design of security measures
- Audit, monitoring and test of security measures
Can you give some examples of measures taken to protect your users’ data?
We have implemented some technical measures like the creation of multiple independent applications or the encryption of data stored at rest in databases.
We have also improved the auditability and the security of authentication by activating a single sign-on system with 2 factors on our internal applications.
What are the main changes related to GDPR?
On the security side, not much! We are using ISO 27001 as a security reference. The latter already covered most security points of GDPR.
Most of the changes came on the contractual part and on communication with our users. We had to ensure that our contracts with our suppliers were GDPR-ready, that we communicate well with our users regarding the purpose of our treatment and that our consent forms for data processing were clear enough. It didn’t revolutionize our organization, as most of those processes were already ready, but we had to work on more precise descriptions of what we do with data.
How do you ensure that data are secured? Do you use tools?
I’d say that the pillar of security is to know what is going on. So for that:
- We monitor security news and alerts
- We monitor our infrastructure, including resource usage, logs, audit trails and exceptions generated by our code
- We test, test and test again with continuous integration tools (automatically and manually)
- We deploy in a standardized way our configurations and applications using a centralized deployment system
What are your current projects to ensure that your users’ data stay safe?
We are in a continuous security improvement process. We have, among other things, some projects focused on the improvement of our monitoring (including finer-grained metrics and alerts) or on the change of our vulnerability testing processes from punctual tests to continuous tests.
Are you good at keeping secrets?
I can’t say 😉
Thanks Xavier for this overview of security at Julie Desk! For further information, discover our dedicated security page.