Certification

ISO/IEC 27001 — Information security

ISO/IEC 27001 is the international standard defining the requirements of an information-security management system (ISMS). It covers data confidentiality, integrity and availability through a risk-based approach.

BCUB3 status

Certification process under way, with the pre-audit planned for Q4 2026. We have formalized our information-security policy and started the risk analysis on the following scope: software development, client data hosting, and AI integration operations. The ISO/IEC 27001 certificate will be displayed here upon delivery.

Technical measures in place

  • Encryption: TLS 1.3 in transit, AES-256 at rest for client data
  • Authentication: mandatory MFA on all administrator access
  • Secret management: dedicated vault, periodic key rotation
  • Backups: 3-2-1 policy, quarterly restore tests
  • Logging and traceability: centralized logs, 12-month minimum retention
  • Email: DMARC, SPF, DKIM, MTA-STS policies active on bcub3.com
  • Hosting: EU infrastructure (data sovereignty)

Organizational measures

  • Documented security policy, reviewed annually
  • Security awareness for everyone handling client data
  • Formalized incident management procedure
  • Confidentiality clauses with technical sub-processors

Learn more

The official standard is available for purchase on the AFNOR website: AFNOR — ISO/IEC 27001:2022
