Security in Exalog software
The security of our software is our priority
Access to their environment
The primary way to limit the risks of intrusion into a software is to ensure secure access. To achieve this, we use strong authentication methods, combining any two of the following three factors: something they know (password), something they have (FIDO key), or something they are (facial recognition).
In addition to these five authentication systems, our softwares offer access control by IP address.
This means defining for each user the IP address ranges from which the connection is allowed. Without this setting, the software performs the location check by default each time you log in. If the connecting IP address is unusual, Allmybanks will detect it and users will have to reconfirm their identity by entering a security code.
Once the user’s identity has been established, it is necessary to determine the possible actions within the software: granting authorisations or, on the contrary, limiting access to specific functions or responsibilities.
- Users rights: it is the administrator who defines the functions that users can access, the authorised bank accounts, or the remittances validation limits.
- Autonomy: the administrator can manage authorisations on their own; they do not need to ask Exalog to grant or delete rights, and the changes are immediate.
- Traceability: all actions performed by users are tracked, and can be viewed by the administrator.
- Unlimited users: the number of users with access to our software is unlimited and free.
How can we guarantee that the data is protected? That they are not at risk of being deleted and that our clients will always have access to them? That no one else can see them?
Exchange of information with banks and ERP
We ensure that the information that our clients share with their banks/ERPs and our tools cannot be read by a third-party system, and that messages are properly transmitted. We meet the security recommendations of ANSSI (National Cybersecurity Agency of France).
As they pass through, all data is encrypted according to the TLS/SSL standard, which is designed to protect the confidentiality and integrity of communications.
In compliance with the GDPR, the personal data recorded in our software is encrypted. These include personal names, emails, telephone numbers, account numbers, and credit card numbers.