Seguridad y transparencia

Infraestructura

Laas utiliza un modelo de seguridad específico extremo a extremo y en varios niveles. Todos los servidores son de protección futura y se auditan regularmente de forma independiente.

• Servidores ubicados en la Unión Europea y RGDP compatibles;
• Equilibrador con sistema dinámicas de servidor web;
• Motor MySQL con copias de seguridad diarias automáticas;
• Sistema de duplicación para garantizar la continuidad del sistema;
• Seguimiento automático de infraestructura y cargas de API;
• Protocolos de seguridad de red (SSL OV, DNSSEC, DMARC);
• Cifrado y garantía de 256 bits de hasta 250.000 euros
• Tecnología de aprendizaje automático para el análisis de datos.
• EU Cloud Code of Conduct (CoC) compliant
• ISAE 3000 Type 2 Report (FINMA) compliant
• ISO/IEC 27001 (ISMS) compliant
• SWIPO - Data Portability Code of Conduct
• ESMA - Cloud Outsourcing Guidelines
• ISO-50001 - Energy Management
• EBA - Cloud Outsourcing Guidelines

---

EBA Outsourcing Guidelines

Provide specific guidance on the relationship between financial institutions and their service providers. In particular, the guidelines specify a set of aspects that should be included in the contract between the financial institution and their service provider, including requirements on sub-outsourcing, security, access, information and audit rights, and termination rights.

https://cloud.google.com/security/compliance/eba-eu

---

ESMA Cloud Outsourcing Guidelines

Assist regulated entities identify, address and monitor the risks that may arise from cloud outsourcing arrangements. The ESMA cloud outsourcing guidelines provide specific guidance on: key contractual elements, information security, exit strategies, access and audit rights and sub-outsourcing.

https://cloud.google.com/security/compliance/esma-eu

---

EU Cloud Code of Conduct

The EU Cloud Code of Conduct (CoC) was designed to contribute to an environment of trust and transparency in the European cloud computing market and to simplify the risk assessment process of Cloud Service Providers (CSPs) for cloud customers. The CoC was developed by Scope Europe, an independent third party association, in collaboration with several industry players.Adherence to an approved code of conduct, as described in GDPR Article 40, can be used to help demonstrate that sufficient guarantees have been made to implement appropriate technical and organizational measures as a data processor under the GDPR.

https://cloud.google.com/security/compliance/eu-cloud-code-of-conduct

---

Google Cloud Platform

Google is carbon neutral today, but aiming higher: our goal is to run on carbon-free energy, 24/7, at all of our data centers by 2030. Plus, we’re sharing technology, methods, and funding to enable organizations around the world to transition to more carbon-free and sustainable systems.

https://cloud.google.com/sustainability