
Security and No-code Tools

Are you building a website and looking for the no-code tool best suited to your cybersecurity objectives?
For you, we put the main tools on the market through a crash test.

Airtable

2.80/3

Category

Summary

Rating

Hosting and Datacenters

OK thanks to certifications & audit

⭐⭐⭐

Comment

Infrastructure, technologies and subcontractors are not described on the website (hosted on AWS in the USA), but technical redundancy is available and the SOC 2 certification is relevant

Technical security certifications & audits

OK with ISO/IEC 27001 and SOC 2 report

⭐⭐⭐

Comment

ISO/IEC 27001 and SOC 2 report

GDPR & associated procedures

Alegria should help clients to implement GDPR processes thanks to Airtable data management features

⭐⭐

Comment

- DPO, documentation and contracts are not described or mentioned.
- Access, logs and data management, including GDPR processes for deletion/update features, are fully available.

Technical Specifications - ISSP

ISO/IEC 27001 and the SOC 2 report obtained by Airtable ensure a standard Security Policy

⭐⭐⭐

Comment

The operational and technical implementation of the Security Policy is not described on the website, but the SOC 2 certification and third-party auditors ensure that an ISSP exists and is implemented by Airtable

Authentication & Integration

Authentication, integration & data exchange features are OK

⭐⭐⭐

Comment

- Standard authentication & profile management features like SSO, MFA, and user provisioning are available.
- Integration and data exchange are available via many popular apps and a robust API (Zapier, Workato, Integromat, or Automate.io...)

Bubble

2.00/3

Category

Summary

Rating

Hosting and Datacenters

To be completed

⭐⭐

Comment

- Infrastructure, technologies and subcontractors are poorly described => to be completed with Bubble.
- The only information available: Bubble is built on Amazon Web Services, and its technical architecture allows Bubble apps to access point-in-time data recovery at any time

Technical security certifications & audits

To be completed


Comment

- No information available.
- AWS is compliant with certifications such as SOC 2, CSA, ISO 27001, but this doesn't mean Bubble's overall service is also compliant.

GDPR & associated procedures

Alegria should help clients to design databases and to implement data management rules and associated GDPR processes in Bubble

⭐⭐

Comment

- DPO not mentioned? TBC by Bubble
- Bubble's basic rule is "you own your data": this includes the design of your application and the data that your users upload, and of course includes all GDPR processes and responsibility.
- To do so, Bubble provides tools and documentation to its clients to implement rules and manage updates, batches, access rights, user profiles, etc.
- Regarding financial information, Bubble integrates with Stripe and Braintree and supports complex payment models including subscriptions, deferred payments, third-party transactions, and more.

Technical Specifications - ISSP

To be completed

⭐⭐

Comment

- The operational and technical implementation of the Security Policy is not described on the website; Bubble only mentions that they use automated code testing, vulnerability testing and continuous monitoring technologies.

Authentication & Integration

As the Bubble platform is open, Alegria can create custom plugins (using code?) to exchange data, and expose an API to let other services connect to Bubble

⭐⭐⭐

Comment

- Authentication & profile management features seem to be available through specific development, such as Discourse SSO, log-ins with passwords, or an OAuth 2.0 provider (Facebook, LinkedIn, or others…)
- Multi-factor authentication (MFA) is available
- In terms of integration and data exchange, Bubble can connect with any service via the API Connector and/or SQL connector, and third-party ESB/ETL tools such as Zapier
- Clients can create custom plugins using JavaScript and expose their own API to let other services connect.

Notion

2.80/3

Category

Summary

Rating

Hosting and Datacenters

OK, SLA 99.9%

⭐⭐⭐

Comment

- Infrastructure, technologies and subcontractors are described on the website
- Technical redundancy is available
- The security architecture is not described in detail, but the SOC 2 certification is relevant

Technical security certifications & audits

Compliance with US laws and regulations only; SOC 2 report is OK

⭐⭐⭐

Comment

- Only US regulation certifications are mentioned in Terms & Privacy; to be confirmed by Notion that the product only refers to US law & regulation
- SOC 2 Type 1 & Type 2 reports OK
- Not compliant with health, medical, payment & financial data

GDPR & associated procedures

Alegria should help clients to be aware of and to implement GDPR processes in Notion

⭐⭐

Comment

- DPO not mentioned? TBC by Notion
- Data register/process documentation not mentioned
- A general DPA (data processing addendum) is in place, to ensure compliance with laws and regulations and mostly to protect Notion
- The SOC 2 certification covers only the "technical part": third-party auditor, Information Systems Security Policy...
- GDPR-specific data management processes (deletion, anonymisation…) must be implemented by clients, manually and/or with Notion data portability & management tools
- GDPR documentation & processes not described

Technical Specifications - ISSP

The SOC 2 report obtained by Notion ensures a standard Security Policy

⭐⭐⭐

Comment

The operational and technical implementation of the Security Policy is not described on the website, but the SOC 2 certification and third-party auditors ensure that an ISSP exists and is implemented by Notion

Authentication & Integration

Integration security level is OK with Notion's user management features

⭐⭐⭐

Comment

- Authentication & profile management features like SSO, SAML and user provisioning are OK.
- Additional features are not mentioned (MFA, identity federation, password-less authentication), but this needs to be confirmed by Notion
- Integration and data exchange are available via Notion's REST API & partners Automate.io, Typeform and Zapier

Zapier

1.00/3

Category

Summary

Rating

No data :(