Certification
Published on 10.04.2025
Data security and regulatory compliance

At Padoa, data security is our top priority. We have developed a strong foundation from the outset and adopted rigorous technical and organisational measures to ensure maximum protection. Our proactive approach goes beyond simply meeting compliance standards; it reflects our commitment to always going the extra mile to keep data secure.
Frédéric de Mesmay, Director of Information Systems Security (DSSI) and co-founder at padoa
Enhanced data security at all levels for Occupational Health and Safety Departments
Padoa's stability is guaranteed by an internal SRE (Site Reliability Engineering) team of 18 people dedicated to developing and maintaining a reliable and scalable architecture. This organisation not only handles a growing number of requests but also ensures excellent availability for occupational health services. This synergy between human expertise and advanced technology enables Padoa to process the data handled by SPSTs efficiently and securely.
- 34M employee files on Padoa since its creation (active and inactive)
- 100,000 requests processed per minute in January 2025
- +99.99% availability rate for the year 2024

*Internal Padoa data from metrics collected across all our customers
What does Padoa do with the data you process?
Padoa processes data from Occupational Health and Safety Departments (SPST) for the sole purpose of enabling them to carry out their mission: to ensure the prevention, health and safety of all those who work, throughout their professional careers.
We do not disclose them to third parties.
We do not sell them either.
Padoa's business model is based on a subscription system for our platform, paid for by SPSTs. Padoa does not receive any income from the use of data, nor does it sell it.
What data are we talking about?
Employee Data
They include personal information (surname, first name, age, gender, contact details), social information (family situation, qualifications) and health data related to the job, collected by the occupational physician or their team during medical consultations.
This data is accessible only to authorised persons who need it for employee health monitoring within the SPSTs, and in accordance with medical confidentiality. No one else can access it. Not the employer, not the manager, not even the HR manager.
Stripped of any information that could identify the person behind the data and consolidated into overall statistics, this data also supports health monitoring as part of the regulatory tasks assigned to SPSTs by the Labour Code.
Employer Data
This includes organisational information about the company, its contact details and lists of employees attached to the organisation, simplifying effective management of preventive measures.
Collective Prevention Data
Collective prevention data helps SPSTs make factual health assessments on a group of people with similar socio-demographic criteria, so they can better target and plan risk prevention in the workplace.
All data processing is carried out in strict compliance with ethical guidelines and applicable legal frameworks, thereby ensuring transparency and compliance.

Choosing a highly secure data host
We have chosen Microsoft Azure as our data host, which is HDS certified. Microsoft Azure, as a subcontractor of Padoa, a French company subject to the GDPR, is required to comply with the GDPR due to the nationality of its customer Padoa. The nationality of the host therefore has no bearing on this point.
Our choice of Microsoft Azure is based on several key factors:
- Technical Market Leadership: Microsoft Azure, the world leader in cloud services, meets the most stringent requirements for securing healthcare data, demonstrating a strong commitment to a robust security infrastructure and best practices. This global reach ensures seamless service for SPSTs across Europe.
- Proven Reliability and Safety: Microsoft Azure hosting offers guaranteed availability, reliability and security, as proven by hundreds of certifications, including CIS, CSA STAR, SOC 1-3, ISO 20000-1, ISO 27001, ISO 22301, ISO 27017, ISO 27018 and HDS.
- Data Residency in France: the data is hosted in Azure's French data centres, which are certified as Health Data Hosters (HDS), ensuring full compliance with European regulations and preventing any transfer outside the European Union. In terms of availability, reliability and, above all, security, no European player currently matches the sophistication of global leaders such as Microsoft Azure. In fact, the government confirms this in its document entitled ‘Interministerial Strategy for Building Our National Health Data Heritage 2025-2028’ (in its first version): ‘There is no commercial offering qualified as SecNumCloud that fully meets the needs [in the European Union].’

Microsoft Azure is therefore a secure and compliant choice for hosting healthcare data, while meeting the most demanding standards on the market.

Some concerns are regularly raised, particularly in relation to the Cloud Act, a US law that allows US authorities to request access to certain data based on the nationality of the hosting provider's parent company. However:
- These requests are strictly regulated and only issued in the context of a criminal investigation targeting a clearly identified US citizen or resident. They do not authorise the collection of all data on everyone.
- This legislative framework has also enabled the United States to be reclassified as an ‘adequate’ country by the European Commission in 2023.
- This legislation allows a supplier to object to a request if it conflicts with national law.
- Regardless of US legislation, it should be noted that such requests may also be made by French or European authorities in the context of a national or international investigation.
Although access to data may be requested by French, European or even American legal authorities, Azure endeavours to process such legal requests in the most restricted and transparent manner possible. Azure systematically refuses illegitimate requests and notifies its users as soon as possible. This is also the case for Padoa if legal requests or requests from authorities are addressed to it. In addition to the measures taken by Azure, Padoa encrypts all data at rest, making it extremely difficult for any authority, European or otherwise, to use it, even if access has been granted directly by the host.
Comprehensive Security
The security and peace of mind we provide to our customers is based on two complementary and inseparable pillars:
- security within the software
- security related to the organisation and practices of the company
Within the software
Security within the software is our priority. We continuously invest in technologies and processes to ensure the platform's optimum security.
Our multi-layered and proactive approach ensures data security across four key areas: availability, integrity, confidentiality and traceability.
Availability
The software must be available to its users, otherwise it cannot be considered secure.
Padoa is designed for maximum availability. In 2024, we once again met and exceeded our contractual commitments with 99.9997% availability. This high availability is the result of several key factors:
- Fast execution and automatic scaling: Padoa processes more than 35 million requests per day, and the systems are calibrated to process them very quickly. 95% of these requests are executed in less than 868 ms. In the event of a performance drop, other servers are available to share the processing load and relieve the system.
- Redundancy at all levels: the software is based on several servers, which are themselves distributed across three data centers in France, all of which are autonomous in terms of power, connection, and cooling. This means that even if one of the servers or centers fails, padoa automatically switches to another data center without any interruption in service.
- Constant activity monitoring: continuous monitoring and automatic alert systems enable constant surveillance of the platform. A dedicated team of 18 people, including a permanent watchdog, ensures a rapid response to any incident.
- Responsiveness: our incident management policy guarantees a fast and effective response without compromising security. Documented procedures cover various failure scenarios, allowing parts of the application to be instantly disabled and/or fixes to be deployed on the same day.
Integrity
Data must not be lost or corrupted.
- Robust backup policy: geo-redundant backups are performed throughout the day. They are located in a data center isolated from the production center to protect them from natural disasters. Restoration tests are also performed daily.
- Business continuity: various disaster scenarios are prepared and tested regularly, with defined recovery time objectives (RTO) and recovery point objectives (RPO).
Confidentiality
Data must not be shared with unauthorized persons.
- Encryption: data is encrypted in transit and at rest. Rigorous management of cryptographic keys and secrets is in place.
- Strict network policy: we protect customer data by strictly controlling Internet access from servers (mesh network) and protecting them with firewalls (application and TCP).
- Partitioning: customer databases, applications, and environments (production, testing, development) are strictly partitioned from each other to prevent errors.
- Secure connection: two-factor authentication (2FA) and SSO support are mandatory to access the application.
- Vulnerabilities and malware: automatic vulnerability scans, regular intrusion tests, and an antivirus program embedded in the application protect against threats.
Traceability
There can be no security without the ability to track changes.
- Fine-grained access rights management: padoa users have different rights depending on their roles. A healthcare professional will not have the same access as an administrative user, who does not have access to medical data. By default, padoa employees do not have access to SPST data. However, when the situation requires it, certain job profiles may have access, but only in read-only mode. In this case, all consultation actions are tracked. For example, padoa user support may have access to certain data in order to respond accurately to your requests/questions regarding use.
- Trace generation: the traceability of common actions in the application is ensured by a centralized logging system. Padoa also has procedures for requesting traces for the customer. Finally, a bastion ensures traceability for administrative actions.
- Deletion of confidential information: to protect privacy, traces expire automatically after 12 months.
In terms of our corporate organisation
Padoa has a strict internal information security policy in terms of internal organisation.
- Governance and Accountability: an information security policy that formalises appropriate roles and responsibilities (CISO, DPO) under the responsibility of senior management and in contact with the authorities, and that ensures compliance with legal, regulatory, normative and contractual requirements.
- Asset and Information Management: an inventory of our assets, an information classification policy, and compliance with intellectual property rights. All our resources are stored in a secure environment, with different classification levels established according to their content, and specific handling and transfer rules for each level, restricted to the needs of the business according to the job function.
- Information Lifecycle Management: prevention of data leaks, masking where necessary, final deletion, backup. When a piece of information is created, it is first classified according to the Information Classification Plan in order to establish its level of confidentiality. The dissemination media used must be controlled and information must be distributed solely on a ‘need-to-know’ basis, i.e., only to those who need to access it. When information is no longer required, it must be deleted.
- Supplier Management: information security control in our relationships with suppliers, coupled with monitoring and management of supplier changes. An internal process involving several stages ensures that the suppliers we work with respond positively to a number of security and compliance questions before any quotation or contract is signed. Prior approval by the RSSI and DPO is required before signing.
- Audits: independent entities are commissioned to audit our security practices at least once a year:
  - Certification Audits
  - Internal Audits
  - Breach Tests
- Human Resources Management
  - Staff Recruitment and Management: careful selection of employees and background checks, awareness-raising and training in information security and personal data management for employees, and confidentiality responsibilities for employees that continue beyond the end of their contract.
  - Confidentiality and Security at Work: extreme confidentiality applies to our employees and is a fundamental part of the employment contract.
- Asset Management: our offices are physically secure, with access controls, environmental protection and measures to ensure confidentiality.
  - Premises Security: secure offices with access control, protection against physical and environmental threats, confidentiality (tidy desks, locked screens), equipment and storage. Azure applies the same security measures to its data centres.
  - Equipment Management: secure disposal of used equipment.

💡 FAQ
Does Padoa exploit data?
Padoa processes your data for the sole purpose of enabling SPSTs to carry out their prevention work. We do not use it for any other purpose. We do not share it with third parties. We do not sell it.