The Data Utility Company’s Solid Pod platform combines software and operational processes to prevent, detect, and respond to security breaches.
Prevention of violations is aided by encryption at multiple layers and regular pen testing of key software components.
Detection capabilities rely on audit logs integrated with the SIEM solution of the Flemish Government and 24/7 monitoring by operators of the SOC of the Flemish Government.
All technology suppliers have well-established incident response and vulnerability disclosure processes, ensuring that problems are remedied quickly.

The Data Utility Company’s Solid Pod platform was architected with world-class security experts like Inrupt’s Bruce Schneier. The service design combines technology and processes to prevent, detect, and respond to security vulnerabilities.

These capabilities allow the service to handle Information Class 4 data, according to the Information Classification Model of the Flemish government (https://overheid.vlaanderen.be/informatieclassificatiemodel), which serves as a compass for issues concerning cloud, and data hosting in general.

Essential security considerations include:

• User authentication via a whitelist of trusted eID identity providers
• Regular third-party penetration testing of the Inrupt Enterprise Solid Server
• Integration of privacy-preserving systems logs with SIEM tool
• Monitoring by 24/7 global SOC provider
• Compliance with the Flemish government framework agreement for ICT services
• Backup and recovery
• Vulnerability disclosure and incident management processes established for all key software and service providers
• TLS 1.3 encryption used for data in transit between all internal services
• Minimum AES_256 for data encryption at rest

The trust provided by these security measures extends beyond The Data Utility Company’s Solid Pod platform, allowing both users and organizations to operate with peace of mind within an innovative Solid ecosystem.