CYBORA
Last updated: 2026-01-30
1. Our Security Commitment
CYBORA is committed to protecting the confidentiality, integrity, and availability of information entrusted to us.
Information security is an integral part of our technology, operations, and governance practices.
We apply a risk-based approach to security aligned with industry best practices.
This overview describes our high-level security principles and controls.
2. Scope
This Security Policy applies to information systems, applications, networks, and data used to deliver CYBORA services.
It covers personal data, business information, and system-related data.
The Policy applies to employees, contractors, and authorized third parties.
More detailed internal security procedures support this public overview.
3. Information Security Governance
CYBORA maintains defined roles and responsibilities for information security.
Security oversight is supported by management and integrated into operational processes.
Policies and controls are reviewed periodically.
Security governance aligns with legal, regulatory, and contractual requirements.
4. Risk Management
Security risks are identified, assessed, and managed on an ongoing basis.
Risk assessments consider threats to systems, data, and service availability.
Mitigation measures are implemented proportionally to identified risks.
Security risks are reviewed when systems or services change.
5. Access Control and Authentication
Access to systems and data is limited to authorized individuals only.
Role-based access controls are applied to restrict access based on job responsibilities.
Authentication mechanisms are implemented to prevent unauthorized access.
Access rights are reviewed regularly and revoked when no longer required.
6. Data Protection and Encryption
CYBORA implements measures to protect data against unauthorized access, alteration, or loss.
Encryption or equivalent safeguards are applied where appropriate for data in transit and at rest.
Data handling practices follow data minimization and purpose limitation principles.
Personal data protection is aligned with CYBORA’s Privacy Policy and DPA.
7. Network and System Security
Systems and networks are protected against unauthorized access and malicious activity.
Security controls include monitoring, logging, and vulnerability management.
Updates and patches are applied in a timely manner.
System changes follow controlled processes.
8. Incident Management and Business Continuity
CYBORA maintains procedures to detect, respond to, and recover from security incidents.
Incidents are assessed and escalated in accordance with internal procedures.
Where required, clients and authorities are notified in line with applicable laws.
Business continuity measures support service availability.
9. Third-Party and Sub-Processor Security
Third parties and sub-processors are assessed for security and data protection practices.
Contractual safeguards are used to ensure appropriate security standards.
Third-party access is limited to what is necessary for service delivery.
Ongoing oversight is maintained throughout the relationship.
10. Training and Awareness
CYBORA provides security awareness training to relevant personnel.
Training covers data protection, secure system use, and incident reporting.
Awareness activities are updated regularly.
Security responsibilities are communicated clearly.
11. Continuous Improvement
Information security practices are continuously reviewed and improved.
Lessons learned from incidents, audits, and assessments inform updates.
Security controls evolve with technological and regulatory changes.
Management oversight supports continuous improvement.
12. Contact Information
For questions related to information security or to report security concerns:
