Security

Security Incident Reporting﻿
In the event of a security incident or alert detected by a customer, the customer must promptly report the information to CERT Erium: 
﻿
 https://www.erium.fr/cert/ 
﻿
Any identification of a security incident by our internal teams, or notification of a potential or confirmed incident by a third party, is subject to analysis by our technical team (supervised by the CISO and the Technical Director of Erium) in order to validate the confirmed nature of the incident and to determine, if applicable:
The impacted scope (affected user accounts, types of affected functionalities, types of affected data, etc.)
The likely consequences of this incident
The origin of the incident
The start date of the incident
Remediation, containment, or mitigation measures
﻿
This information is communicated to the customers directly affected by the incident, within a maximum period of 3 working days (the information period varies depending on the severity of the incident and whether security measures need to be implemented by the customers or not).
﻿