Certifications & Security

The security at the core of CASD know-how

Granting access to confidential data is of the utmost importance for studies and research. Detailed personal data require a high level of security to avoid unwarranted dissemination or misuse (by an unauthorized third party) and, therefore, makes infrastructures, tools and systems allowing access critical.

To address these issues, CASD has put together its set of technologies for data dissemination which guarantees security and technically prevents any data file export.

CASD used all its know-how to create a secure data hosting setup compliant with the French regulation pertaining to the processing and dissemination of data protected by secrecy.

The party wishing to disseminate its confidential data can :

  • Have their data hosted at CASD;
  • Name the authorized persons to access the data (for the amount of time the party will have chosen);
  • Instruct CASD as to who will be authorized to have an SD-box;
  • Define the confidentiality rules.

This is in order to benefit from the guarantee of high level security for their data through confinement to avoid dissemination, while maximizing user comfort in terms of ergonomics and IT efficiency.

CASD processing has been authorized by the Commission Nationale de l’Informatique et des Libertés, CNIL (CNIL – Delibération number 2014-369).

ISO 27701 – Privacy information management system

The international standard ISO 27701, GDPR compliant, is an effective reference to take into account the best practices in the field of personal data protection. It complements the international standard ISO 27001 and aims to provide a framework for the protection of personal data with both a technical and organisational approach.

This standard was developed with the help of numerous data protection authorities, including in particular the CNIL : l’ISO 27701, une norme internationale pour la protection des données personnelles.

The CASD hosts personal data from several major institutions and it is essential that the CASD can provide strong guarantees for the protection of this data. With increased compliance, users benefit from the potential for more data for research and study purposes.

Certificate number : FR085434

ISO 27001 – Information Security Management

ISO 27001, the international standard in the field of IT security, covers all legal, physical and technical controls involved in an organization’s information risk management.

By adopting an Information Security Management System (ISMS) and being ISO 27001 certified, CASD reinforces its ability to :

  • Protect data against disclosure, loss, theft, alteration, intrusion ;
  • Ensure business continuity ;
  • Identify and control the risks of IT failure ;
  • Take risk management decisions based on the CASD’s strategic objectives and ensure a high level of information security ;
  • Guarantee users a robust ISMS and the reliability of its information system.

This certification covers the scope concerning the provision of secure services (or “secure bubbles”) for data hosting infrastructure via biometric access controls and encrypted connection from a dedicated box (SD-Box) installed in establishments that have signed a contract with CASD.

CASD management and all CASD employees, most of whom are themselves certified « ISO 27001 Lead Implementers », actively contribute to the safety process by implementing and respecting the technical, procedural and organisational safety measures that implement the CASD safety guidelines. To this end, the ISMS is monitored, reassessed and improved every year and all stakeholders in this process are regularly trained and made aware of the challenges and new threats related to information security.

Certificate number : FR078410

HDS – Health Data Hosting 

In addition to ISO 27001 certification, CASD has obtained the « Hébergeur de Données de Santé » (HDS – Health Data Hosting) certification from ASIP Santé, thus widening the scope of health data made available on the CASD.

Launched on April 1, 2018, the HDS certification attests of CASD’s ability to securely host personal health data collected during prevention, diagnosis, care or social and medico-social follow-up activities.

The CASD implements a management system adapted to their criticality to protect this sensitive data but also to secure all information and prevent the risks of malicious intent and cyber attacks.

With this certification, CASD guarantees the protection of personal health data and promotes a trusted environment around e-health and patient follow-up.

 

Certificate number : FR078411 – Version 1

GDPR – General Data Protection Regulation

The regulation nᵒ 2016/679, known as the General Data Protection Regulation (GDPR), is a text that aims to protect users’ personal data, i.e. any information relating to an identified or identifiable person, directly or indirectly, from a single data or by cross-referencing a set of data.

The GDPR governs the processing of personal data and stardardizes the rules in the European Union by providing a single legal framework for all professionals who can develop their digital activities on the basis of user confidence.

By being certified by Bureau Veritas, the CASD demonstrates its respect for the GDPR’s practices while respecting confidentiality, privacy and the rights of individuals. It assures all its users that the processing of personal data within its infrastructure is based on legal bases and is carried out in complete transparency by competent and authorised agents.

With regard to the GDPR, the CASD formalizes the measures it implements within its personal data protection policy: https://www.casd.eu/en/personal-data-protection/

Certification to the Health Data Security Standard (SNDS)

The decree of 22 March 2017 relating to the safety standard applicable to the National Health Data System (SNDS) sets out constraints for the provision of SNDS data.

Indeed, the data made available in the SNDS is sensitive. Although stored on the basis of pseudonyms, the combination of several variables can lead to the identification of the citizens concerned, which constitutes a risk of invasion of privacy. The standard was developed on the basis of a rigorous risk analysis in order to put in place the appropriate security measures.

Access to data is provided under conditions ensuring the confidentiality and integrity of the data and the traceability of access and other processing, in accordance with a reference system defined by decree of the ministers responsible for health, social security and digital technology, adopted after consulting the « Commission Nationale de l’Informatique et des Libertés » (CNIL).

Here is the table describing CASD’s compliance with the SNDS:

SNDS CASD
Risk analysis Carried out exhaustively for “medical files”.
Impact study Idem Risk Analysis
Carrying it out Completed
Testing Completed
Labelling To be done with the person in charge of processing
IT monitoring and follow up Completed
Externalisation
Risk Analysis Completed, Detailed risk analysis
PGSSI OK
Audit modalities OK – synthesis can be supplied on demand
Export OK – only towards RSDS
Awareness raising OK – enrolment sessions and contracts
awareness raising and training for administrators
Access modalities
Availability 24/24, 7/7
Access from an internal work station (PSSI-MCAS) Dedicated SD-Box™
The SD-Box™ has a dedicated use that is subjected to a high level of security
Data output Verification of a priori or a posteriori outputs with traceability and accountability (integrity by encryption)
Code of Good Practice of European Statistics
Data integrity The user only has reader access to source data (no editing or other type of access authorized).
Admin access Users and administrators have no internet access.
SD-Box™ guarantees the Bubble’s isolation
Identification and authentification
Identification Physical identification
Authentification Certification, access card, biometry, Authorization number 2014-369 by the French authorities (CNIL)
Traceability
Authentification Strong
Certification, access card, biometry
Role and authorization management OK, centralized by a directory
User Referential OK – Secure dedicated software
Resource referential OK – Secure dedicated software
Role and authorization referential OK – Secure dedicated and synchronized software
Shared dating OK – Dedicated infrastructure
Tracing back OK, session record
Specific Documentation OK
Trace logs: access, outputs, data matching, and admin operations. OK, technical traces
The need to trace can be arbitrated upon according to the risk
Surveillance
System response time OK
Increasing rights; OK – Audited regularly
Non-authorized output; OK – Audited regularly and tracebility
Non-authorized access to SNDS resource; OK – Audited regularly
Unusual modification source data from the SNDS; OK – Reading  only
Too large output OK – Audited regularly
Incident handling OK – See “palier 3 imputabilité”
Time-stamping OK – Dedicated and recorded procedure
Regular audits réguliers OK – At minimum, annually
Authorisation review OK – At minimum, annually
Access rights If possible technically (excluding anonymisation)

The purpose of these certifications is to provide formalized guarantees to data producers, rightly concerned that the use of data should be carried out in a framework that provides appropriate security for confidential data.

Audits

Auditing companies aim to verify as completely as possible the level of security cleared by CASD infrastructure within the constraints defined by data depositors.

The auditor must be specialized in IT security, PASSI (IT audit label) and labelled by the ANSSI (national agency for IT security), as well as competent in client OS, server, VPN attack methods, authentification mode attack methods, etc.

Audits follow 4 gradual scenarios which aim to successfully intrude, usurp identity, or retrieve a data file.

SCENARIO 1 : Internet encrypted tunnel attack with no declared IP public address

The auditing company knows the CASD network address, but the IP address is not among the list of addresses authorized to connect to CASD.

The company must study if an attack is possible on the VPN-SSL tunnel outlet, or if it is possible to extract information from this tunnel.

SCENARIO 2 : Internet encrypted tunnel attack with a declared IP public address

The company knows the CASD network address, the IP address is within the list of addresses authorized to connect to CASD.

The company must study if an attack is possible on the VPN-SSL tunnel outlet, or if it is possible to extract information from this tunnel.

SCENARIO 3 : Internet encrypted tunnel attack with a declared IP public address and in possession of an SD-Box

The company knows the CASD network address, the IP address is within the list of addresses authorized to connect to CASD, and they are in possession of an SD-Box.

The company must study if an attack is possible on the VPN-SSL tunnel outlet, or if it is possible to extract information from this tunnel.

The auditor will test if they can take control of the box:

– Take control of the OS (modification of the boot),
– Access the Shell one way or another,
– Access the RDP to open a session remotely,
– Access the box through the network,
– Usurp the central infrastructure (attack of the “man in the middle” type),
– Access USB ports, boot on a USB port,
– Modify the Bios,
– Read the hard-drive content (and if so try to connect),
etc.
This list is non-exhaustive and the company must attempt a maximum number of attacks (known or unknown to CASD) in that configuration.

SCENARIO 4 : VPN-SSL Internet attack with a declared IP public address, a smartcard and in a possession of an SD-Box

The company knows the CASD network address, the IP address is within the list of addresses authorized to connect to CASD, and they are in possession of an SD-box and a smartcard.

This attack configuration mimics an internal intrusion attempt. The company can connect as an internal user would. An account will be created specifically for this testing purpose.

The aim is to launch hijacking maneuvers to address at least one of the following issues:

– Is it possible to retrieve a file?
– Is it possible to access files to which the user has theoretically no access to (files or other projects)?
– Is it possible to usurp a user’s identity with or without his card?

Resilience tests to authentification modes will also be done (card tests, driver tests, etc).

Audit report

It must be complete and specific regarding the testing modalities, protocols used, source codes for the programs used in the attacks…

4 audits were carried out successfully by companies certified by the ANSSI.

PGP

CASD’s Public PGP key can be used to secure data before sending it to CASD. You can contact us at service@casd.eu for further information.

TÉLÉCHARGER LA CLEF PGP PUBLIQUE DU CAS
Download casd’S PGP key

Details on the key :

ID: 2BBE1271
Type : RSA
Size : 4096/4096
Created : 2013-06-12
Expiration : None
Cipher : AES-256
Fingerprint : 53B8 8ED6 A9F1 0E0B 62FD 5208 889E 5557 2BBE 1271