Unambiguous Identification and Authentication
The platform has a login system that requires a password and a valid user to access the information. Each user is uniquely identified.
For more details see: Authentication in Athento
Assignment, distribution and storage of passwords ensuring confidentiality and integrity
Some of the mechanisms that Athento uses to guarantee the confidentiality in the distribution and management of passwords, as well as their integrity, are explained below.
- Password encryption
- Password management functionality
- Confidentiality and password distribution
- Password recovery
Duration of passwords
By default and unless otherwise stated, passwords expire 12 months after they are entered.
Athento require the use of secure passwords.
Athento allows you to avoid using previously used passwords.
Athento incorporates automatic user blocking mechanisms when certain situations occur.
Athento has a user access management log.
Data Protection Incidents
Data Protection Incidents Register
Athento has a platform for recording customer incidents.
Users can submit their issues by any of the available contact methods (How to report a support case?).
Our incident logging system allows us to store information about the reported incident and exchange information for its prompt resolution.
Some of the information that is stored for each occurrence is:
- Type of incident
- Time and date when the incident is reported
- User reporting the issue
- Person who is assigned to resolve the request
In addition, the system allows detailed documentation of the characteristics of the incident, the measures to resolve it and, in general, any communication between Athento and the user reporting the incident. It is also possible to add users in copy of the incident when it is considered that they should be aware of the situation.
If the resolution of the incident involves data recovery, our team documents which member of our team performs the data recovery, what data is restored and whether any manual intervention was required.
Athento will report to the relevant data protection authority the data protection incidents within the deadlines estimated by the Law according to the criticality of the incident, which will involve assessing the potential damage to the data subjects' data, the volume of personal data affected and/or the level of personal data.
Secure Data Deletion
Athento allows enabling automatic secure data deletion operations, as well as implementing retention policies that execute purges (permanent secure deletions) of documentation that requires it (How to apply retention policies on documents?).
You may also be interested in How does Athento perform secure and permanent deletion of documents?
Location and data transfers
Access to the platform and, in general, any data transmission is done through secure protocols, specifically TLS (Transport Layer Security).
Location of data
Athento stores its data in data centers in Europe. There are also data centers in Canada. The locations of the various data centers are listed below.
Customers with OVH infrastructure (by default), can see in the following image the location of the datacenters used.
You may also be interested in Datacenters Security Measures
With some infrastructure providers, encryption of data at rest is possible.
Data transfers with the United States and the United Kingdom
The documents of Athento's cloud clients, as well as the information about their documents (metadata) are not transferred to the mentioned countries. The data is stored on servers in France and Canada.
Third party services
Athento Cloud uses third-party services to improve the product and ensure the availability and proper functioning of the service. In the following link you can consult the nature of the third party services used Athento uses third party services?