Dilium obtains ISO/IEC 27001 and 20000 Certifications
The startup consolidates IT security management, risk management and transparency towards its customers.
Dilium is certified to ISO/IEC 27001:2013 and ISO/IEC 20000-1:2018, the international standards that regulate the processes underlying an information security management system. The certification attests that the security of information within the company is managed according to international best practices. The goal is to keep security practices up to date to ensure the business continuity of dilium and all its customers against unauthorized access, data loss and service interruptions.
Dilium is always very attentive to security and provides the highest standards in terms of protection of its data and robustness of its applications. For this reason, as a Microsoft partner, we use Azure cloud services for the high level of operation, scalability and security of their environments.
Our Content Management Systems are installed on Microsoft Azure Cloud. The stack is LAMP (Linux, Apache, MySQL, PHP), deployed as an App Service from a Docker image that is typically configured ad hoc according to the specifications, contains only the functional modules required, and has security hardening applied to the entire system. The passwords of the operators who access our services are stored as BCrypt hashes.
All connected services are separated from the main structure, and firewall policies restrict access exclusively to the resources that have the privileges to communicate (for example, a direct connection to the database or an external API call is not provided). The code within the pages is carefully analyzed for SQL injection and cross-site scripting (XSS), and all calls are filtered and validated before any query is made to the database.
To guarantee an additional level of security, dilium has taken out a “Cyber Risk” policy with Axa Insurance. Among the customers who have chosen our services are the Novartis Farmaceutica group, Magnetic Media Network and Stantec Italia SpA, leading companies that are extremely attentive to privacy and to the content of their information, with constant audits and, in some cases, penetration tests performed by external companies to validate our work.