ITrust Security Metrics

Based on ISO 27001,CVSS 2.0 requirements and security best practices, ITrust Security Metrics is a reliable and cost-effective label that helps organizations prove their level of commitment to the security of the data they operate.

Secure your websites and networks – Reassure your customers

The delegation of IT resources to a third party, such as a migration to the cloud, may lead to a loss of control over the information system. This can occur in a complex environment, framed by a significant regulatory context: CNIL, E-Privacy, DMP, HDS, SoX, Bale III, PCI, ISO 2700X/27001, HIPAA, SAS70.

For the customer, the challenge of the cloud and extended and distributed computing is to be able to control its outsourced data by controlling SLAs and service quality through the confidentiality and integrity of its data.

ITrust Security Metrics is a service offered by ITrust to independently establish the security level of an architecture according to criteria and objectives based on international standards.

The principle is to scan, thanks to IKare, the company’s websites and/or networks, in order to detect flaws and vulnerabilities and to jointly conduct a security policy, thanks to the support of ITrust security engineers.

A label is then generated and posted on the company’s website to prove to its customers the rigorous efforts it undertakes to maintain a maximum level of security.

Advantages

  • Identification of vulnerabilities
  • Supervision of system updates
  • Verification of security and integrity controls
  • Detailed reporting with the IKare solution
  • Conducting “on-demand” scans to ensure correction
  • Traceability of corrections made
  • Organisational support by specialised safety engineers
  • Strengthen your customers’ confidence in your efforts to maintain a maximum level of security

Description of the label

It is based on the one hand on the SaaS software solution, IKare (Security Monitoring developed by ITrust, labelled by Oséo), for vulnerability scans and security controls, and on the other hand on the ISO 27001 and 27002 standards for good management practices.

The ITrust Security Metrics label guarantees that the information system is configured and operated according to the best security practices and complies with regulations and the state of the art.

ITrust Security Metrics is available in four levels of certification:

Criteria / Requirements Niveau 1 Niveau 2 Niveau 2+ Niveau 3 Niveau 4
Vulnerability scan (via IKare) 1/week 3 days 3 days 2 days 1/day
Vulnerability remediation timeframes 1 week 3 days 3 days 48h 24h
Physical Security
Asset Management
Communications and Operations Management
Access control
Incident Management
Security policy
Organization of the safety function
Human Resources
Disaster recovery and business continuity
Compliance
ISO 27001 customer accreditation

Our clients say it better than we do:

We have always been aware of the importance of security for our customers, and it is only natural that we have turned to ITrust to provide them with an additional guarantee. Today, the implementation of monitoring and performance management tools coupled with a Vulnerability Management solution allows us to secure our infrastructures to 99%.

Thanks to the audits carried out by ITrust, we realized that some security flaws were not detected until now by our IT manager, who is both judge and jury.

The implementation of the IKare label via the trusted third party ITurst is a real plus for our customers. It guarantees them our total transparency in terms of security.

Mohamed Zaarour, Technical Director , d’Eurecia