Cybersecurity Policy
Introduction
Data protection and cybersecurity are major issues in a digital environment where cyber threats are becoming more complex and regulatory requirements are tightening.
NeuriaLabs, as an organization engaged in strategic communication activities, digital influence, and the management of sensitive data, adopts a proactive and systematic approach to ensure the confidentiality, integrity, and availability of information.
This Cybersecurity and Data Protection Policy defines the fundamental principles and operational measures to ensure optimal protection against data breaches, intrusion attempts, or misuse of information systems.
It applies to all stakeholders of NeuriaLabs, without exception:
• Executives, employees, and consultants, responsible for the rigorous application of security standards.
• Partners, subcontractors, and suppliers, required to comply with contractual obligations regarding information security.
• Clients and users of NeuriaLabs' digital services, whose access and use of the systems must conform to established standards.
Compliance with this policy is a mandatory condition for any collaboration with NeuriaLabs. Any violation or attempt to violate the established rules may result in disciplinary and contractual sanctions, which could include legal action.
Fundamental Principles of Cybersecurity and Data Protection
Preservation of Information Confidentiality
NeuriaLabs is committed to ensuring the confidentiality of processed information, whether internal, strategic, commercial, or personal.
• Any sensitive data is subject to advanced encryption protocols ensuring restricted access to authorized users only.
• Access to information is governed by the principle of least privilege, limiting access rights to strictly necessary professional needs.
• Strong authentication protocols are implemented to reduce the risk of identity theft and cyberattacks.
Guaranteeing Data Integrity and Reliability
The integrity of data is a fundamental element of NeuriaLabs' cybersecurity policy.
• Any modification of data is subject to traceability control to guarantee its accuracy and reliability.
• A real-time verification system detects any attempt to manipulate or alter sensitive information.
• Redundant and secure backup protocols ensure data restoration in case of technical failure or cyberattack.
Availability and Resilience of Information Systems
NeuriaLabs ensures the continuous availability of its digital infrastructures and online services.
• Business continuity plans and incident recovery protocols ensure the resilience of systems in case of attack, failure, or force majeure.
• Continuous monitoring of IT infrastructures is carried out to anticipate any service interruptions.
• The adoption of advanced cybersecurity protocols allows for the detection and neutralization of threats before they compromise operations.
Compliance with Regulations and International Standards
NeuriaLabs is committed to complying with legal and regulatory requirements regarding data protection and cybersecurity, including:
• The General Data Protection Regulation (GDPR – EU 2016/679), which governs the processing of personal data of European citizens.
• The California Consumer Privacy Act (CCPA), ensuring consumers' rights regarding the management of their personal data.
• Provisions of the Data Protection and Freedom Act (France), protecting individuals' digital rights.
• The Cybersecurity Act (United States and Europe), defining the security standards applicable to critical infrastructures.
• Recommendations from the National Cybersecurity Agency (ANSSI) and other specialized regulatory bodies.
NeuriaLabs ensures that all its practices, systems, and infrastructures comply with these regulatory requirements and conducts regular monitoring to adapt to legislative evolutions.
Accountability and Awareness of Stakeholders
Data protection and cybersecurity are not only technological issues but also a shared responsibility among all actors of NeuriaLabs.
• Every employee and collaborator is required to strictly adhere to the defined policies and procedures.
• Every partner or external service provider must provide guarantees of compliance with the cybersecurity standards required by NeuriaLabs.
• Regular training sessions are held to raise user awareness of cyber risks and good practices for protecting information.
Governance and Risk Management in Cybersecurity
NeuriaLabs adopts a cybersecurity strategy based on centralized governance, proactive risk management, and continuous improvement of its protection measures. The objective is to ensure total operational resilience against cyber threats and regulatory changes.
Information Security Committee and Responsibilities
NeuriaLabs has established an Information Security Committee (ISC) responsible for overseeing all policies and actions related to cybersecurity. This committee is composed of representatives from the following departments:
• Information Systems Department (ISD)
• Legal and Compliance Department
• Operations and Risk Department
• Data Protection Officers (DPO)
• Cybersecurity experts and threat analysts
The missions of the ISC include:
• Defining and updating cybersecurity strategies, aligned with technological and regulatory developments.
• Continuous monitoring of emerging threats and identifying potential vulnerabilities.
• Validation of security policies and incident management protocols.
• Conducting internal and external cybersecurity audits to ensure compliance with international standards.
• Managing cybersecurity crises and coordinating responses in case of attacks.
• Ongoing employee awareness and training to minimize risks associated with human error.
Risk Management and Threat Mapping
NeuriaLabs applies an advanced risk management methodology to identify, analyze, and address vulnerabilities preventively.
The evaluated risks include:
• Risk of data breach: compromise of sensitive information stored or processed by NeuriaLabs.
• Risk of intrusion into systems: phishing attacks, ransomware, or exploitation of technical vulnerabilities.
• Risk of sabotage or economic espionage: malicious internal or external actions aimed at harming the strategic interests of NeuriaLabs.
• Regulatory risk: non-compliance with legal requirements and associated sanctions.
• Operational risk: interruption of services due to an attack or technical incident.
A threat map is updated in real time, allowing for the prioritization of corrective actions and protective measures.
Detection and Response to Cyberattacks
NeuriaLabs has established advanced detection capabilities and a rapid response plan for cyberattacks based on industry best practices.
Detection Devices
• Real-time monitoring of infrastructures via a Security Operations Center (SOC) operating 24/7.
• Deployment of intrusion detection systems (IDS/IPS) to identify abnormal behaviors on networks.
• Proactive analysis of indicators of compromise (IoC) to anticipate impending attacks.
Cyberattack Response Plan
• Identification and assessment of the threat: detection of the anomaly and confirmation of the attack.
• Isolation of compromised systems: activation of emergency measures to prevent the spread of the attack.
• Recovery and remediation: restoration of data and correction of exploited vulnerabilities.
• Post-incident analysis and strengthening of security devices: revision of policies and updates of protocols.
• Notification to the competent authorities and affected parties, in accordance with legal obligations (GDPR, CCPA, etc.).
Audits, Penetration Tests, and Compliance with Security Standards
NeuriaLabs regularly conducts cybersecurity audits and penetration tests to ensure the effectiveness of its protection measures.
Internal and External Audits
• Conducting periodic checks to assess the robustness of infrastructures and identify potential flaws.
• Verification of compliance with international regulations and security certifications (ISO 27001, NIST, CIS Controls, etc.).
• In-depth analysis of access management policies and user rights.
Penetration Tests
• Organization of attack simulations (Red Team) to evaluate the responsiveness of systems to sophisticated intrusion attempts.
• Analysis of response capabilities and identification of improvement areas in the management of cyber incidents.
These checks ensure that NeuriaLabs is continuously compliant with international best practices and minimizes risks related to evolving threats.
Sanctions in Case of Security Breaches
Principles of Sanctions and Responsibilities
Compliance with cybersecurity and data protection protocols is an imperative obligation for all stakeholders of NeuriaLabs.
Any proven violation of the rules established in this policy exposes the offender to sanctions proportionate to the seriousness of the breach. These sanctions apply to employees, consultants, partners, and suppliers involved in the compromise of systems or data.
The criteria for evaluating sanctions include:
• The severity of the breach (unintentional fault, gross negligence, intentional violation).
• The impact on the security of infrastructures and data.
• The degree of recidivism or the deliberate intention to circumvent security rules.
Sanctions Applicable to Employees and Consultants
Disciplinary measures that may be taken in the event of a violation of cybersecurity rules include:
• Written warning: for minor breaches or non-compliance with security protocols.
• Temporary suspension of access to systems: for serious fault or recidivism.
• Financial penalties: in case of negligence causing significant harm to NeuriaLabs.
• Dismissal for serious misconduct: in case of voluntary compromise or disclosure of confidential information.
• Legal action: in the case of proven cybercrime, fraud, sabotage, or complicity with malicious third parties.
Sanctions Applicable to Partners, Suppliers, and Clients
Any contractual non-compliance in terms of cybersecurity by a partner, supplier, or client may result in:
• Immediate suspension of access to systems in case of non-compliance with security requirements.
• Termination of the contract without notice if the violation compromises the safety of NeuriaLabs' digital infrastructures.
• Legal action in the case of involvement in an attack, data theft, or fraud.
Legal Responsibilities and Remedies
In case of violation of security obligations:
• NeuriaLabs will report offenses to the competent authorities, in accordance with applicable regulations.
• Legal actions may be initiated to seek compensation for financial and reputational damages suffered.
This Cybersecurity and Data Protection Policy represents a firm commitment by NeuriaLabs to protect its digital infrastructures and the information entrusted to it.