Security in Exalog software


The security of our software is our priority

Our software programs are constantly being improved to guarantee a level of security that meets the challenges of our clients in terms of :

ISO 27001 certification: our commitment to security

Exalog has been ISO 27001 certified since October 2023. This prestigious, internationally recognised standard sets out strict criteria for information security management systems. By adopting these standards, we are demonstrating our determination to maintain and constantly improve our IT security measures. This certification reflects our proactive policy of protecting sensitive information, offering our clients and partners additional assurance of the reliability and security of our solutions.

ISO 27001

Access to their environment

The primary way to limit the risks of intrusion into a software is to ensure secure access. To achieve this, we use strong authentication methods, combining any two of the following three factors: something they know (password), something they have (FIDO key), or something they are (facial recognition).


Our clients connect very quickly thanks to facial or digital recognition. To do so, they must have an infrared camera or fingerprint reader.

Digital certificate

The personal digital certificate is a digital identity document. It contains identification information, cannot be falsified, and is issued by a recognised authority (e.g. SWIFT, Certinomis, etc.).

Login and password

The combination login + password is another way to access our software.

FIDO key

Easy to buy on the market, this USB key has a unique identifier that allows our clients to connect simply by plugging it into their computer.
Learn more about FIDO key

Authentication grid and security code card

A code must be entered in an authentication grid, with numbers randomly positioned for each connection. The code requested will also be different each time you try to access it.

In addition to these five authentication systems, our softwares offer access control by IP address.
This means defining for each user the IP address ranges from which the connection is allowed. Without this setting, the software performs the location check by default each time you log in. If the connecting IP address is unusual, Allmybanks will detect it and users will have to reconfirm their identity by entering a security code.

User rights

Once the user’s identity has been established, it is necessary to determine the possible actions within the software: granting authorisations or, on the contrary, limiting access to specific functions or responsibilities.

  • Users rights: it is the administrator who defines the functions that users can access, the authorised bank accounts, or the remittances validation limits.
  • Autonomy: the administrator can manage authorisations on their own; they do not need to ask Exalog to grant or delete rights, and the changes are immediate.
  • Traceability: all actions performed by users are tracked, and can be viewed by the administrator.
  • Unlimited users: the number of users with access to our software is unlimited and free.
User security

Data storage

How can we guarantee that the data is protected? That they are not at risk of being deleted and that our clients will always have access to them? That no one else can see them?

Data is stored in two ISO 27001 and ISO 22301 certified datacenters (the highest levels of certification for IT security and business continuity).

Our clients are the owners of the data stored in the software. They can therefore export them at any time.

In order to guarantee 24/7 availability, all the equipment is duplicated and data is backed up in real time on a backup server: no data loss in case of a downtime.

Since the data is stored in the software, and not on the banks’ websites, our clients do not have to worry about migrating them if they decide to change banks, and they will keep their history.

ERP bank exchange

Exchange of information with banks and ERP

We ensure that the information that our clients share with their banks/ERPs and our tools cannot be read by a third-party system, and that messages are properly transmitted. We meet the security recommendations of ANSSI (National Cybersecurity Agency of France).

As they pass through, all data is encrypted according to the TLS/SSL standard, which is designed to protect the confidentiality and integrity of communications.

Personal data

In compliance with the GDPR, the personal data recorded in our software is encrypted. These include personal names, emails, telephone numbers, account numbers, and credit card numbers.


Contact us

Your request has been sent !