By choosing the Pineappli solution, you can bring your company into compliance by ensuring a sustainable digital transition!
Thanks to the GDPR, you respect your customers’ and employees’ data.
The General Data Protection Regulation
The GDPR (General Data Protection Regulation) is the new European framework for the processing and circulation of personal data. This text, applicable from 25 May 2018, which standardises the legislation of the European Union Member States on personal data, is intended to give all European Union residents more control over their personal data, to make data controllers more responsible while reducing their prior formalities with regulators and to strengthen the role of the Data Protection Authorities.
This compliance has been verified and validated by the law firm Racine, specialised in the digital field.
Cabinet Racine also serves as Pineappli’s delegated DPO (Data Protection Officer). This new player, provided for in articles 37 and following of the GDPR, is mandatory.
Its missions are as follows:
– to inform and advise the members of the entity on the legal obligations regarding data processing
– to monitor compliance with the GDPR
– to advise, upon request, on privacy impact assessments and to verify their execution
– to cooperate with the competent Data Protection Authority
– to be the contact point with the competent Data Protection Authority on matters relating to processing, including consultation on privacy impact assessments
– to be the contact point for data subjects for any questions relating to the processing of their data and the exercise of their rights.
With ISO 27001 your company’s roots are safe!
AFAQ ISO/IEC 27001 certification
INFORMATION SECURITY MANAGEMENT
ISO/IEC 27001 is the best known standard in this family of no less than a dozen. It specifies the requirements for information security management systems (ISMS). The implementation of the standards in this family by any type of organisation facilitates the management of the security of sensitive assets such as financial data, intellectual property documents, personnel data or information entrusted by third parties.
Pineappli is proud to be ISO certified!
For those who are not familiar with the AFAQ ISO/IEC 27001 certification: It demonstrates that you have implemented an effective Information Security Management System (ISMS) built on the basis of the international reference standard, ISO 27001. It defines a methodology for identifying cyber threats, controlling the risks associated with your organisation’s critical information, and putting in place appropriate safeguards to ensure the confidentiality, availability and integrity of information.
The main benefits that contribute to a safe and secure business policy:
– Increased business resilience
– Alignment with customer requirements
– Improved business processes and integration with business risk strategies
– Increased reliability and security of systems and information
– Improved customer and business partner confidence
The access control policy contains the rules for access to systems, equipment, facilities and information. These rules are designed to give a clear overview of who has access to which network and/or service. Access to all systems is in accordance with the access control policy, which means that access is protected by secure login procedures and that access to source code is highly secure.
Software tools giving access to (sensitive) information are reserved for system administrators and are only accessible under supervision and in certain (rare) situations. Users have to register in our information system and have access to certain areas according to their privileges.
The IT security policy rules determine how users maintain the confidentiality of their authentication data.
By achieving ISO 27001 certification, we have reduced the risk of information security breaches.
The Information Security Management System (ISMS) ensures appropriate risk management and is in place for development, maintenance, management and hosting.
It is the guarantee that the security announced by the certified company is real!
This certification depends on ISO, the international standards organisation, and thus has international scope and recognition.
It can only be obtained through the intervention of an organisation accredited by national organisations such as COFRAC in France.
This requires a great deal of work and internal organisation to meet all the requirements, both technical and organisational.
Obtaining this certification demonstrates the commitment and importance that the company attaches to information security and represents a real guarantee of seriousness for the companies with which we work.
This certification gives rise to a certificate issued by the certifying body and authorises the use of a logo which allows the reality of this certification to be verified.
Compliance with applicable laws and standards:
– Pineappli has just been certified ISO 27001. This certification guarantees that security requirements are taken into account in the management of the Pineappli solution. The ISO 27001 standard is an international standard for strengthening the confidence of digital players, and is also synonymous with reliability and competitiveness. This certification is indicative of our seriousness and our level of competence in the area of information systems security.
– Compliance with the GDPR standard and state-of-the-art technology.
– Application of the European eIDAS regulation of July 2014 and the Monegasque law of December 2019 “For a Digital Principality”.
– Pineappli’s compliance in terms of cryptography has also been validated by the company ADACIS, itself PASSI (1) certified by the ANSSI (2).
(1) PASSI: Information Systems Security Audit Service Provider
(2) ANSSI: National Agency for Information Systems Security
– Certification is also underway with the AMSN (3), for electronic archiving, the electronic safe and digitisation with probative value, in compliance with the Monegasque law of December 2019.
(3) AMSN: Monegasque Agency for Digital Security
Two major consequences for companies thanks to the strict application of the laws:
– In the event of a dispute, Pineappli makes it possible to provide the evidence requested: a very valuable evidence manager!
Pineappli can be seen as an Evidence Management Service Provider insofar as it integrates all of the services directly linked to trust environments. Pineappli is thus able to deliver a rich digital pathway that covers all of its clients’ needs in strict compliance with the law. Its probative value traceability system (see log management below) enables proof to be provided of the execution of each referenced action, when and by which user.
– Pineappli is one of the few companies to offer digitisation with evidential value: i.e. deletion of paper after the documents have been digitised!
The Pineappli solution has a probative value digitisation system that complies with the law of December 2019 “for a digital Principality”, which means that no paper is kept after digitisation. The latter must be carried out in compliance with the required conditions and it must be ensured that the conservation of the digitised documents meets the conditions for electronic archiving with probative value. This is the case for the Pineappli safes.
Our patent, dealing with the “securing of digital data”, was filed by Mr. Jean-Marc Rietsch on June 8, 2015, bearing the national registration number 15 01179 and the European registration number 3304409, and was issued on 7 April 2020 in the United States under number 10,614,230.
This patent is a real guarantee of reliability and innovation for users.
HDS is about ensuring your health and the health of your patients!
Certification of health data hosts
Personal health data is sensitive data whose access is regulated by law to protect the rights of individuals. The hosting of personal health data is subject to a certification provided for by Decree No. 2018-137 of 26 February 2018 on the hosting of personal health data. The certification procedure for the hosting of personal health data on digital media has been operational since July 2018: it consists of an assessment of compliance with a certification standard by a certification body accredited by COFRAC.
Hosting health data (HDS), a guarantee of quality to secure health data.
Personal health data is particularly sensitive data. Access to it is therefore regulated by law to protect the rights of individuals. Consequently, the hosting of this data must be carried out under security conditions adapted to its criticality. The regulations define the terms and conditions expected.
“Any natural or legal person who hosts personal health data collected in the course of preventive, diagnostic, care or medico-social monitoring activities on behalf of natural or legal persons at the origin of the production or collection of this data or on behalf of the patient himself, must be approved or certified for this purpose.”
Health Data Hosting (HDS) certification is required for entities such as cloud service providers that host personal health data governed by French law and collected to provide preventive, diagnostic, and other health services. The HDS regulation was issued by ASIP SANTÉ which, under the aegis of the French Ministry of Health, is responsible for promoting e-health solutions in France.
The hosting of health data is governed by French law and the French Public Health Code (Article L.1111-8), which stipulates that any health organisation (hospitals, pharmaceutical companies, laboratories) that manages personal medical data must use an HDS-certified service provider.
HDS certification requires that service providers adopt measures that ensure the security, confidentiality and accessibility of personal health data for patients. These measures include strong authentication and authorisation procedures, reliable backup systems and strong encryption methods. HDS also specifies mandatory provisions to be included in contracts with the cloud service provider. These requirements apply regardless of where the data is stored.
Like ISO 27001, this certification can only be obtained through accredited bodies.
It leads to the award of a certificate by the certification body and the use of a logo which allows the reality of this certification to be verified.
The company also appears in the list of certified bodies on the ASIP Santé website.
eIDAS is the Midas of your trusted services!
The EN 319-401 standard
The eIDAS Regulation mainly concerns public sector bodies and trust service providers established in the European Union. It establishes a European framework for electronic identification and trust services in order to facilitate the emergence of the digital single market. It covers in particular the subject of electronic signature, and repeals Directive 1999/93/EC. The ANSSI is one of the national bodies in charge of implementing this regulation.
Compliance with the requirements of standard EN 319-401 provides a presumption of conformity with the requirements of the European eIDAS regulation, chapter III “Trust Services” and article 24, “Requirements applicable to qualified trust service providers”, and in particular:
- The use of reliable systems and products, security and process reliability
- Having a business continuity plan for the services offered by the service provider
The fact of being a qualified trust service provider brings a presumption of reliability of the services offered. This means that, in the event of a dispute, it will be up to the company challenging the solution to demonstrate that the service was not provided in accordance with the required standards.
This is in contrast to the more common situation where, in the event of a dispute, it is up to the company being challenged to demonstrate the quality of the service provided. This is known as the reversal of the burden of proof.
This certification, too, can only be obtained through the intervention of accredited bodies which, moreover, are recognised by the national supervisory body in the eIDAS sense of the term, i.e. the AMSN for Monaco and the ANSSI for France.
It gives rise to a certificate issued by the certifying body and the use of a logo which makes it possible to verify the reality of this certification.
A 100% Made In France standard that secures the archiving of your documents.
NF Z42-013
Created in 2012 with the Archives de France and professionals, NF certification guarantees the fidelity, integrity, durability and traceability of archived documents so that they can retain their original value. It also facilitates approval to manage public archives.
Pineappli is the first Monegasque company to be certified NF461
In its quest for excellence, Pineappli is very proud to announce that it has obtained NF461 certification, which places it among the leading Monegasque solutions that are on the rise!
After having already obtained ISO 27001, HDS and eIDAS certification, Pineappli has just been certified NF461 in March 2022!
The NF461 certification, issued by AFNOR Certification, a recognised certification body, highlights the performance of Pineappli’s Electronic Archiving Service (EAS) and recognises its professionalism in terms of archiving with probative value. Created in 2012 in association with the Archives de France, this certification, based on the NF Z42-013 standard, gives you a guarantee of the fidelity, integrity, durability and traceability of the digital documents that you will archive in Pineappli. Reliable and probative, these documents can then be received as indisputable evidence in the event of a dispute or legal proceedings.
Thanks to this certification, Pineappli also has approval for current and intermediate public archives, on digital media, using its electronic archiving system.
The certified characteristics and activities concerned by the NF461 certification for the Pineappli startup are as follows:
– Ability of the electronic archiving system to ensure the availability, integrity, confidentiality and traceability of electronic archives,
– Organisation and control of the archiving service,
– The functions of storage, retention, access, disposition and retrieval in the electronic records system,
– Control, security and availability of the infrastructure used to implement the electronic records system.
It is important to note that today only 21 companies in the whole of France have this certification. This is a further indicator of the excellence of the Pineappli solution, which is the only one of Monegasque origin.
Pioneer in Monaco with its new qualification reversing the burden of proof!
Qualified PSCo for its Archiving system according to the ministerial decree of 25 March 2021, in application of the law of December 2019 “For a digital Principality”
It was during the 22nd edition of the Assises de la Sécurité, an event renowned for its influence on the global cybersecurity scene, that Pineappli’s Chairman and Founder, Jean-Marc Rietsch, received from Frédéric Fautrier, the director of the AMSN, the precious document attesting to the qualification of Pineappli’s electronic archiving system (SAE) as a Trusted Service Provider in accordance with the ministerial decree of 25 March 2021, in application of the law of December 2019 “For a Digital Principality”.
Since October 2022, Pineappli has become the very first private company to obtain the Trusted Service Provider (TSP) qualification for its archiving system from the Monegasque Agency for Digital Security (AMSN).
The AMSN is the national authority in Monaco responsible for the security of information systems. Its French equivalent is the Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI).
The customer advantage? Reversing the burden of proof
The PSCo qualification represents a real benefit for Pineappli’s clients and provides real legal security. Indeed, they benefit from a presumption of reliability and a reversal of the burden of proof. Thus, in the event of a dispute, if a party disputes a document, it will be up to them to demonstrate that the document is not admissible and not up to the client to demonstrate that the document is admissible.
Today, only Monaco, Luxembourg and Belgium offer this qualification pending the new version of the Electronic IDentification, Authentication and Trust Services (eIDAS) regulation.
For Pineappli? A real competitive edge
It was a wonderful recognition for the Pineappli teams to receive the qualification of Trusted Service Provider for archiving from the hands of the Director of the AMSN, Mr Frédéric FAUTRIER.
By receiving this title, Pineappli has gained an undeniable competitive advantage on the Monegasque and international scene, even though the company has only existed for two years.
With its ISO 27001, eIDAS, HDS, NF 461 and now PSCo archiving certification, Pineappli has once again proven its legitimacy in dealing with your most sensitive documents and data.
A qualification in several stages:
- ISO 27001 certification: in March 2021
- NF 461 certification: in March 2022; Pineappli is one of only 21 companies in France to hold it.
- eIDAS certification in accordance with the ETSI 319 401 standard, which allows Pineappli to be introduced to the subject of the presumption of reliability.
- An audit by a Monegasque Information Systems Security Audit Service (PASSI).
- A security certification.
In addition to these demanding prerequisites, the Monegasque Digital Security Agency has added other requirements that you can find in Ministerial Order No. 2021-247 of 25 March 2021.
Its founding president, Jean-Marc RIETSCH, says: “We are very proud to have achieved this qualification which, let’s not forget, provides our clients with a guarantee of reliability within the meaning of the law and thus reverses the burden of proof. If a document is contested, it will be up to the opposing party to demonstrate that it is not admissible”.