Security

STET's Information Security Policy is based on the ISO/IEC 27001 and 27002 standards, complemented by the relevant payment industry security rules and good practices, such as the BIS (Bank Interchange System) Core Principles or the applicable PCI-DSS (Visa-Master Card) rules.

  • The system components which store or process critical payment data are located in high-security, high-availability production sites equipped and managed to protect them against failures, intrusions and natural disasters.
  • STET system access is provided through encrypted virtual private networks built upon two distinct operators’ private networks. Peripheral firewalls enforce the authentication of the traffic between communicating entities.
  • Payment data is encrypted and wrapped in encrypted and signed envelopes before it is sent over external networks. Payment data is decrypted just before it is processed and re-encrypted just after processing.
  • STET internal networks are segmented according to the sensitivity of the data they convey, and critical data resides in a restricted internal network zone protected from the internal network zone by firewalls of different technologies.

Through its security management process, STET continuously assesses the conformity of its security level with requirements and objectives and follows a security improvement process. A software vulnerability review monitors the implementation of software security updates with due diligence.