Given the sensitive nature of its core business, EURO-P3C has integrated a high-security system that ensures the protection of products, information, and people, and complete operational traceability.

The safety and security policy defines security measures and technical requirements, and provides detailed information on their implementation. Each stakeholder is trained accordingly, and consistently complies with the policy: employees constantly respond to these needs.

Physical security

Security of premises and persons

Premises are protected 24 hours a day, seven days a week by specialised security companies responsible for monitoring and managing physical access to the buildings. Access authorisations are required for entry and must be validated by a member of the Security Group. Information such as an identity card or licence plate is requested and retained as required. Visitors are accompanied at all times.

To move inside the premises, each employee carries a strictly personal biometric badge, allowing restricted access to their department. This badge contains a chip and a high-security encoding system.

Site premises are arranged in zones of increasing risk level. This division into secure zones is supported by an adapted access authorisations scheme ranging from simple authorisation to dual-check access with biometrics, up to individual AIRLOCKS, also with biometric checks.

Material and production process security

Cheque paper and smart cards are inherently sensitive security features. They are therefore protected throughout the production cycle. The supplier makes secure deliveries directly to EURO-P3C. Upon receipt, stock is unit tracked and warehouse access strictly restricted.

Given the sensitive nature of the operations, they are mostly conducted under the four-eyes principle. At each stage of production, inventory is counted and strictly controlled during the physical transfer of the material or the transfer of responsibility between employees. Each unit of material is individually tracked. If, upon inspection, an anomaly or a reject is detected, the presence of all units is checked and notified before the destruction phase.

Logical security

Information security is paramount for EURO-P3C. It is ensured by a coherent set of inseparable elements including, in particular, procedural standards, indisputable operation traceability, and secure IT infrastructure and controls. The combination of these complementary parameters ensures the information protection, availability, confidentiality and integrity.

Authentication and access rights

The security management system is governed by procedures, technical means and detailed controls relating to authorisations, passwords and management of access rights to prevent data from being compromised. Key parameters include security of authentication, access controls and the separation of authorisations.

Logical access to resources is enhanced by password-protected, personal smart cards that incorporate authentication certificates. Password generation and utilisation is also strictly regulated by the information security policy. Access rights and levels concerning data and infrastructure are approved according to the business and strictly professional need. Access management is designed and controlled to ensure respect for separation and limitation of powers.

Data security

Data security is based on a classification of information sensitivity, which requires computer and cryptographic means as well as an adapted organisation.

Thus, data may be public, sensitive, confidential or secret. Cryptographic means are used systematically to manage both confidentiality and integrity. All non-public data is permanently encrypted between storage and production. Data transfers between EURO-P3C and the rest of the world are fully encrypted. Secret data is therefore never accessible unencrypted.

EURO-P3C has an infrastructure of cryptographic boxes designed to generate, store and protect cryptographic keys. These keys are secret and therefore can only be used inside a cryptographic box. Any attempt to break into the box will result in immediate key deletion.

Data is stored on servers located in rooms with controlled and reinforced physical and logical access. Key management activities are carried out by duly trained and authorised employees in a highly secure, dedicated environment. Activities involving the handling of cryptographic keys and other associated security parameters are managed under the four-eyes principle. The effective implementation of this principle reinforces the existence of barriers beyond regulatory obligations to prevent a person from accessing key components or parts thereof sufficient to form the real key.

System and network security

Each system and network element of the EURO-P3C infrastructure contributes to overall security. Implemented technical mechanisms allow, for example:

  • partitioning networks by business needs and security equipment,
  • real-time monitoring with an alert system,
  • periodic vulnerability and intrusion tests.

Security teams are responsible for monitoring and periodic inspection of the various measures and related technical resources.