Security is a fundamental pillar of CYBORA’s technology, operations, and governance.
We apply a risk-based information security approach to protect the confidentiality, integrity, and availability of systems and data.
Security & National Cooperation
Last updated: 2026-01-30
1. Security at CYBORA
Security is a fundamental pillar of CYBORA’s technology, operations, and governance.
We apply a risk-based information security approach to protect the confidentiality, integrity, and availability of systems and data.
Security controls are integrated across our infrastructure, services, and AI-assisted solutions.
Our security practices are designed to support trust, resilience, and regulatory compliance.
2. Information Security Framework
CYBORA’s information security practices are aligned with internationally recognized standards and frameworks, including:
ISO/IEC 27001 (Information Security Management best practices)
SOC 2 (Security, Availability, Confidentiality principles)
GDPR Article 32 (Security of processing)
Security governance is embedded into operational processes and supported by management oversight.
Policies, procedures, and controls are reviewed and improved on an ongoing basis.
3. Technical and Organizational Security Measures
CYBORA implements appropriate technical and organizational measures, including but not limited to:
role-based access control and least-privilege principles,
monitoring and logging of system activity,
encryption or equivalent safeguards where appropriate,
secure configuration and vulnerability management processes.
Security measures are proportionate to identified risks and service scope.
4. Incident Management and Resilience
CYBORA maintains processes to detect, assess, and respond to security incidents.
Incidents are handled in accordance with internal incident response procedures.
Where required by law or contract, affected clients and authorities are notified without undue delay.
Business continuity and resilience measures support service availability.
5. Vulnerability Management and Responsible Disclosure
CYBORA supports responsible vulnerability disclosure and encourages security researchers to report vulnerabilities in good faith.
Reported vulnerabilities are assessed, prioritized, and remediated based on risk.
Our approach is documented in the Vulnerability Disclosure Policy.
Secure reporting channels are available and published via security.txt.
🔗 Related documents:
Vulnerability Disclosure Policy
Security Policy / Information Security Overview
6. National Cyber Security Cooperation (NKSC / KSIS)
CYBORA cooperates with the Lithuanian National Cyber Security Centre (NKSC) in accordance with applicable national cybersecurity requirements.
Where legally required, significant cybersecurity incidents are reported through the KSIS (Kibernetinio saugumo informacinė sistema) operated by NKSC.
This cooperation supports coordinated incident handling and national cyber resilience.
CYBORA’s processes are aligned to ensure timely, accurate, and responsible reporting.
🔗 NKSC / KSIS: https://www.nksc.lt/ksis
7. Regulatory Alignment and Reporting
CYBORA’s security and incident management practices support compliance with:
GDPR (data protection and breach notification),
NIS2 Directive (where applicable),
applicable national cybersecurity regulations.
Regulatory reporting is coordinated through defined governance channels.
Consistency and accountability are maintained across jurisdictions.
8. Third-Party and Sub-Processor Security
Third parties and sub-processors supporting CYBORA services are subject to security and data protection assessments.
Contractual safeguards ensure appropriate security standards are maintained.
Access is limited to what is necessary for service delivery.
Oversight is maintained throughout the relationship lifecycle.
9. Transparency and Continuous Improvement
Transparency is central to CYBORA’s security posture.
We provide public information about our security principles, policies, and cooperation with authorities.
Security practices evolve with changes in technology, threats, and regulation.
Continuous improvement is supported by reviews, assessments, and feedback.
10. Contact and Reporting
For security-related inquiries or vulnerability reporting, please contact:
📧 abuse@cybora.tech
📧 support@cybora.tech
Additional information:
security.txt: https://cybora.tech/.well-known/security.txtPGP key: https://cybora.tech/pgp-key.txt
TRUST CENTER – REQUIRED INFORMATION
List of Acts
a brief statement of the company’s commitment to security, privacy, and responsible AI,
the geographical scope of operations (EU / UK / US),
links to key policies and governance documents.
1. Privacy & Data Protection
Regulations: GDPR, UK GDPR, US privacy best practice
Privacy Policy,
Children’s Privacy (clearly separated section),
Data Processing Agreement (DPA),
Records of Processing Activities (RoPA) (summary only, not the full register),
International Data Transfers (SCCs, UK IDTA, EU–US Data Privacy Framework),
Data Subject Rights (how individuals can exercise their rights).
2. Artificial Intelligence & Responsible Use
Regulation: EU Artificial Intelligence Act (AI Act)
AI Transparency Notice (AI Disclosure),
AI Act Governance (summary),
AI risk classification (limited-risk / minimal-risk),
explanation of human-in-the-loop mechanisms,
Ethics & Responsible Use Policy.
3. Security Testing, Assurance & Continuous Validation
Standards: ISO/IEC 27001, SOC 2, NIS2, industry best practice
a high-level statement that regular security testing is performed. Reports: 2026 | 2027 | 2028
penetration testing conducted by qualified internal or external parties. Reports: 2026 | 2027 | 2028
vulnerability scanning and remediation processes,
remediation tracking and risk-based prioritization,
assurance that testing does not expose customer data or disrupt services. Reports: 2026 | 2027 | 2028
4. Security & Cyber Resilience
Standards: ISO/IEC 27001, SOC 2, NIS2, GDPR Article 32
Security Policy / Information Security Overview,
Incident Response (public, high-level summary),
Vulnerability Disclosure Policy,
security.txt and PGP public key,
third-party and sub-processor security overview,
Business Continuity & Resilience (high-level description).
5. National & Regulatory Cooperation
Regulations: NIS2, national cybersecurity laws
cooperation with the Lithuanian National Cyber Security Centre (NKSC) via KSIS,
incident reporting process (high-level overview),
cooperation with supervisory authorities (Data Protection Authorities and others).
7. Acceptable Use & Platform Integrity
Purpose: to demonstrate control over misuse and abuse risks.
Acceptable Use Policy (AUP),
examples of prohibited use,
enforcement and escalation principles.
8. Accessibility & Inclusion
Regulations: WCAG 2.1, EU Accessibility Act
Accessibility Statement,
contact details for accessibility-related inquiries,
a commitment to continuous improvement.
9. Transparency & Accountability
Purpose: to demonstrate organizational maturity and openness.
Trust & AI Compliance page,
Ethics & Responsible Use commitments,
change management explanation (how policies are updated),
visible “Last updated” dates on documents.
10. Contact & Reporting Channels
Critical for auditors and enterprise clients
Data Protection Officer (DPO) contact details,
security and abuse reporting contacts,
incident and vulnerability reporting channels,
references to security.txt.
