Cybersecurity Policy

Introduction

Data protection and cybersecurity are major issues in a digital environment where cyber threats are becoming more complex and regulatory requirements are increasing.

NeuriaLabs, as an organization committed to the design, development, and integration of software solutions based on artificial intelligence, adopts a proactive and systematic approach to ensure the confidentiality, integrity, and availability of information.

This Cybersecurity and Data Protection Policy defines the fundamental principles and operational measures necessary to ensure optimal protection against any data breaches, attempted intrusions, or misuse of information systems.

It applies to all stakeholders of NeuriaLabs, without exception:

• Executives, employees, and consultants, responsible for the rigorous application of security standards.
• Partners, subcontractors, and suppliers, required to comply with contractual obligations regarding information security.
• Clients and users of NeuriaLabs's digital services, whose access and use of the systems must comply with established standards.

Compliance with this policy is a mandatory condition for any collaboration with NeuriaLabs. Any violation or attempt to violate the established rules may result in disciplinary and contractual sanctions, including legal action.

Fundamental Principles of Cybersecurity and Data Protection

Preservation of Information Confidentiality

NeuriaLabs is committed to ensuring the confidentiality of the information processed, whether it is internal, strategic, commercial, or personal.

• All sensitive data is encrypted, and encryption keys are managed so that only authorized users can access the data in clear form.
• Access to information is governed by the principle of least privilege, limiting access rights to what is strictly necessary for each person's professional duties.
• Strong authentication mechanisms are enforced to reduce the risk of credential theft, account takeover, and unauthorized access.

Guarantee of Data Integrity and Reliability

The integrity of data is a fundamental element of NeuriaLabs' cybersecurity policy.

• Any modification of data is logged, so that changes are attributable to a user or process and can be audited and, where necessary, reversed.
• Real-time integrity checks detect unauthorized manipulation or alteration of sensitive information.
• Redundant, secured backups allow data to be restored in case of technical failure or cyberattack.

Availability and Resilience of Information Systems

NeuriaLabs is committed to maintaining the continuous availability of its digital infrastructures and online services.

• Business continuity plans and incident response protocols ensure the resilience of systems in case of attack, failure, or force majeure.
• Continuous monitoring of IT infrastructures is conducted to anticipate and prevent service interruptions.
• The adoption of advanced cybersecurity measures aims to detect and neutralize threats before they compromise operations.

Compliance with Regulations and International Standards

NeuriaLabs is committed to complying with legal and regulatory requirements regarding data protection and cybersecurity, including:

• The General Data Protection Regulation (GDPR – EU 2016/679), which governs the processing of personal data of individuals located in the European Union, regardless of their citizenship.
• The California Consumer Privacy Act (CCPA), which grants California residents rights over the collection and use of their personal data.
• Provisions of the French Data Protection Act (Loi Informatique et Libertés), protecting individuals' digital rights.
• The EU Cybersecurity Act (Regulation (EU) 2019/881), which establishes the European framework for cybersecurity certification of ICT products, services, and processes, and the applicable United States cybersecurity legislation.
• Recommendations from the French National Cybersecurity Agency (ANSSI) and other regulatory bodies.

NeuriaLabs ensures that all its practices, systems, and infrastructures comply with these regulatory requirements and conducts regular monitoring to adapt to legislative changes.

Responsibility and Awareness of Stakeholders

Data protection and cybersecurity are not solely technological issues but also a shared responsibility among all actors of NeuriaLabs.

• Each employee and collaborator is required to strictly adhere to the defined policies and procedures.
• Each partner or external provider must provide guarantees of compliance with the cybersecurity standards required by NeuriaLabs.
• Regular training sessions are organized to raise user awareness of cyber risks and best practices for protecting information.

Governance and Risk Management in Cybersecurity

NeuriaLabs adopts a cybersecurity strategy based on centralized governance, proactive risk management, and continuous improvement of its protection measures. The goal is to maintain operational resilience against cyber threats and regulatory changes.

Information Security Committee and Responsibilities

NeuriaLabs has established an Information Security Committee (ISC) responsible for overseeing all policies and actions related to cybersecurity. This committee is composed of representatives from the following departments:

• Information Systems Directorate (ISD)
• Legal and Compliance Directorate
• Operations and Risk Directorate
• Data Protection Officers (DPO)
• Cybersecurity experts and threat analysts

The missions of the ISC include:

• Definition and updating of cybersecurity strategies, aligned with technological and regulatory developments.
• Continuous monitoring of emerging threats and identification of potential vulnerabilities.
• Validation of security policies and incident management protocols.
• Management of internal and external cybersecurity audits to ensure compliance with international standards.
• Management of cyber crises and coordination of responses in case of attacks.
• Ongoing awareness and training for employees to minimize risks associated with human errors.

Risk Management and Threat Mapping

NeuriaLabs applies a structured risk management methodology to identify, analyze, and address risks and vulnerabilities before they are exploited.

The evaluated risks include:

• Data breach risk: compromise of sensitive information stored or processed by NeuriaLabs.
• System intrusion risk: phishing, ransomware, or exploitation of technical vulnerabilities.
• Sabotage or economic espionage risk: malicious actions originating internally or externally aimed at harming the strategic interests of NeuriaLabs.
• Regulatory risk: non-compliance with legal requirements and associated penalties.
• Operational risk: interruption of services due to an attack or technical incident.

A threat map is continuously updated, allowing corrective actions and protective measures to be prioritized according to the current risk level.

Detection and Response to Cyberattacks

NeuriaLabs has established an advanced detection capability and a rapid response plan for cyberattacks based on industry best practices.

Detection Measures

• Real-time monitoring of infrastructures through a Security Operations Center (SOC) operating 24/7.
• Deployment of intrusion detection and prevention systems (IDS/IPS) to identify abnormal behavior on networks.
• Proactive analysis of indicators of compromise (IoCs) to identify attacks in preparation or already in progress.

Cyberattack Response Plan

  1. Identification and assessment of the threat: detection and triage of the anomaly, confirmation of the attack, and assessment of its scope and severity.

  2. Containment of compromised systems: isolation of affected systems to prevent the attack from spreading, while preserving logs and other evidence needed for forensic analysis.

  3. Recovery and remediation: restoration of data from backups and correction of the exploited vulnerabilities before systems are returned to service.

  4. Notification to competent authorities and impacted parties, in accordance with legal obligations (GDPR, CCPA, etc.). Because the legal deadlines run from the moment the breach becomes known (72 hours for notification to the supervisory authority under GDPR Article 33), this step is initiated as soon as a breach is confirmed and proceeds in parallel with containment and recovery rather than after them.

  5. Post-incident analysis and enhancement of security measures: root-cause review, revision of policies, and update of protocols.

Audits, Penetration Testing, and Compliance with Security Standards

NeuriaLabs regularly conducts cybersecurity audits and penetration tests to ensure the effectiveness of its protection measures.

Internal and External Audits

• Conducting periodic checks to assess the robustness of infrastructures and identify potential vulnerabilities.
• Verification of compliance with applicable regulations and of alignment with recognized security standards and frameworks (ISO/IEC 27001, NIST frameworks, CIS Controls, etc.).
• In-depth analysis of access management policies and user rights.

Penetration Testing

• Penetration tests and Red Team exercises that simulate realistic, sophisticated intrusion attempts to evaluate both the resistance of systems and the organization's ability to detect and respond to them.
• Analysis of detection and response capabilities during these exercises and identification of areas for improvement in incident management.

These controls ensure that NeuriaLabs remains compliant with international best practices and minimizes risks related to evolving threats.

Sanctions for Security Breaches

Sanction Principles and Responsibilities

Compliance with cybersecurity and data protection protocols is an imperative obligation for all stakeholders of NeuriaLabs.

Any proven breach of the rules set forth in this policy exposes the violator to sanctions proportionate to the severity of the breach. These sanctions apply to employees, consultants, partners, and providers involved in the compromise of systems or data.

The criteria for evaluating sanctions include:

• The severity of the breach (unintentional fault, gross negligence, intentional violation).
• The impact on the security of infrastructures and data.
• Whether the breach is a repeat offence, and whether there was a deliberate intention to circumvent security rules.

Sanctions Applicable to Employees and Consultants

Disciplinary measures that may be taken in case of violation of cybersecurity rules include:

• Written warning: for minor breaches or non-compliance with security protocols.
• Temporary suspension of access to systems: for serious faults or repeat offences.
• Financial sanctions, where permitted by applicable labor law: in cases of negligence causing significant harm to NeuriaLabs.
• Dismissal for serious fault: in cases of voluntary compromise or disclosure of confidential information.
• Legal action: in case of proven cybercrime, fraud, sabotage, or collusion with malicious third parties.

Sanctions Applicable to Partners, Suppliers, and Clients

Any contractual non-compliance regarding cybersecurity by a partner, supplier, or client may result in:

• An immediate suspension of access to systems in case of non-compliance with security requirements.
• Termination of the contract without notice, if the violation compromises the security of NeuriaLabs' digital infrastructures.
• Legal action in case of involvement in an attack, data theft, or fraud.

Legal Responsibilities and Remedies

In case of violation of security obligations:

• NeuriaLabs will report violations to the competent authorities in accordance with current regulations.
• Legal actions may be initiated to obtain compensation for financial and reputational damages incurred.

This Cybersecurity and Data Protection Policy constitutes a firm commitment by NeuriaLabs to protect its digital infrastructures and the information entrusted to it.