Internal security measures
Availability
- Seald's database is hosted in OVH's data centers. It is sized for high availability and is replicated three times.
- Seald's API service is hosted in OVH's data centers. The underlying application is also configured for high availability.
- The database is backed up daily.
- The file systems of the Seald servers are backed up on a weekly basis.
- The availability of services is monitored by the Cabot application. A report of the availability metrics of the services can be made available on request.
Integrity
- All servers are updated on a monthly basis.
- Component vulnerabilities are monitored continuously.
- Security scans are performed on a weekly basis. The security reports can be made available on request.
- The production servers all have an identical test environment (called "Staging").
Confidentiality
- All incoming flows to the servers are either secured (TLS / SSH) or redirected to secure flows (HTTP + HSTS).
- Sensitive fields in the database are encrypted, so this data cannot be extracted from database backups without the decryption key.
- The weekly backup of the disk systems of the Seald servers is also encrypted, with a unique key for each server.
- Administrative and server maintenance access is only available to authorized employees, according to the principle of least privilege.
Traceability
- System operations (Unix) are logged via syslog and included in the weekly backups.
- Application operations (Docker) are logged in log files and included in the weekly backups.
- User events (Seald) are logged in the database and included in the daily backups.
- Team events (Seald) are logged in the database and included in the daily backups.