CYBERSECURITY POLICY AND
DATA PROTECTION
Last updated: January 5, 2025
Introduction
Data protection and cybersecurity are major issues in a digital environment where cyber threats are becoming more complex and regulatory requirements are strengthening.
SIIA, as an organization engaged in strategic communication activities, digital influence, and management of sensitive data, adopts a proactive and systematic approach to ensure the confidentiality, integrity, and availability of information.
This Cybersecurity and Data Protection Policy defines the fundamental principles and operational measures to ensure optimal protection against any data breach, attempted intrusion, or misuse of information systems.
It applies to all stakeholders of SIIA, without exception:
• Executives, employees, and consultants responsible for the strict application of security standards.
• Partners, subcontractors, and suppliers required to comply with contractual obligations regarding information security.
• Clients and users of SIIA's digital services, whose access and use of systems must comply with established standards.
Compliance with this policy is a mandatory condition for any collaboration with SIIA. Any violation or attempted violation of the established rules may result in disciplinary and contractual sanctions, potentially leading to legal action.
Fundamental Principles of Cybersecurity and Data Protection
Preservation of Information Confidentiality
SIIA is committed to ensuring the confidentiality of processed information, whether internal, strategic, commercial, or personal.
• Any sensitive data is subject to advanced encryption protocols, ensuring restricted access to authorized users only.
• Access to information is governed by the principle of least privilege, limiting access rights to strict professional needs.
• Strong authentication protocols are implemented to reduce the risk of identity theft and cyberattacks.
Guarantee of Data Integrity and Reliability
The integrity of the data is a fundamental element of SIIA's cybersecurity policy.
• Any modification to data is subject to traceability control, ensuring its accuracy and reliability.
• A real-time verification system detects any attempts to manipulate or alter sensitive information.
• Redundant and secure backup protocols ensure data restoration in the event of technical failure or cyber attack.
Availability and Resilience of Information Systems
SIIA ensures the continuous availability of its digital infrastructures and online services.
• Business continuity plans and incident recovery protocols ensure the resilience of systems in the event of an attack, failure, or force majeure.
• Continuous monitoring of IT infrastructures is carried out to anticipate any service interruptions.
• The adoption of advanced cybersecurity protocols allows for the detection and neutralization of threats before they compromise operations.
Compliance with Regulations and International Standards
SIIA is committed to complying with legal and regulatory requirements regarding data protection and cybersecurity, including:
• The General Data Protection Regulation (GDPR - EU 2016/679), which regulates the processing of personal data of European citizens.
• The California Consumer Privacy Act (CCPA), guaranteeing consumer rights regarding the management of their personal data.
• The provisions of the French Computer Law and Freedom, protecting individuals' digital rights.
• The Cybersecurity Act (United States and Europe), defining applicable security standards for critical infrastructures.
• The recommendations of the National Cybersecurity Agency (ANSSI) and other specialized regulatory bodies.
SIIA ensures all its practices, systems, and infrastructures comply with these regulatory requirements and conducts regular monitoring to adapt to legislative changes.
Responsibility and Awareness of Stakeholders
Data protection and cybersecurity are not only technological challenges, but also a shared responsibility among all actors of SIIA.
• Each employee and collaborator is required to strictly adhere to the defined policies and procedures.
• Each partner or external service provider must provide guarantees of compliance with the cybersecurity standards required by SIIA.
• Regular training sessions are organized to raise awareness among users about cyber risks and best practices for protecting information.
Governance and Risk Management in Cybersecurity
SIIA adopts a cybersecurity strategy based on centralized governance, proactive risk management, and continuous improvement of its protection systems. The objective is to ensure total operational resilience against cyber threats and regulatory developments.
Information Security Committee and Responsibilities
SIIA has established an Information Security Committee (ISC) responsible for overseeing all policies and actions related to cybersecurity. This committee is composed of representatives from the following departments:
• Information Systems Department (ISD)
• Legal and Compliance Department
• Operations and Risk Department
• Data Protection Officers (DPO)
• Cybersecurity experts and threat analysts
The missions of the ISC include:
• Definition and updating of cybersecurity strategies, aligned with technological and regulatory developments.
• Continuous monitoring of emerging threats and identification of potential vulnerabilities.
• Validation of security policies and incident management protocols.
• Management of internal and external cybersecurity audits to ensure compliance with international standards.
• Management of cybersecurity crises and coordination of responses in the event of attacks.
• Ongoing awareness and training of employees to minimize risks related to human error.
Risk Management and Threat Mapping
SIIA applies an advanced risk management methodology to identify, analyze, and address vulnerabilities preventively.
The assessed risks include:
• Data breach risk: compromise of sensitive information stored or processed by SIIA.
• System intrusion risk: phishing attacks, ransomware, or exploitation of technical vulnerabilities.
• Sabotage or economic espionage risk: malicious actions by internal or external parties aimed at harming SIIA’s strategic interests.
• Regulatory risk: non-compliance with legal requirements and associated sanctions.
• Operational risk: interruption of services due to an attack or technical incident.
A real-time threat mapping is updated, allowing prioritization of corrective actions and protection measures.
Detection and Response to Cyberattacks
SIIA has implemented advanced detection capabilities and a rapid response plan for cyberattacks based on industry best practices.
Detection Devices:
• Real-time monitoring of infrastructures via a Security Operations Center (SOC) operating 24/7.
• Deployment of intrusion detection systems (IDS/IPS) to identify abnormal behavior on networks.
• Proactive analysis of indicators of compromise (IoC) to anticipate attacks in preparation.
Cyberattack response plan:
1. Identification and assessment of the threat: detection of the anomaly and confirmation of the attack.
2. Isolation of compromised systems: activation of emergency measures to prevent the spread of the attack.
3. Recovery and remediation: restoration of data and correction of exploited vulnerabilities.
4. Post-incident analysis and strengthening of security measures: revision of policies and updates of protocols.
5. Notification to the competent authorities and affected parties, in accordance with legal obligations (GDPR, CCPA, etc.).
Audits, Penetration Testing, and Compliance with Security Standards
SIIA regularly conducts cybersecurity audits and penetration tests to ensure the effectiveness of its protection systems.
Internal and external audits:
• Conducting periodic checks to assess the robustness of infrastructures and identify possible weaknesses.
• Verification of compliance with international regulations and security certifications (ISO 27001, NIST, CIS Controls, etc.).
• In-depth analysis of access management policies and user rights.
Penetration testing:
• Organization of attack simulations (Red Team) to assess the responsiveness of systems to sophisticated intrusion attempts.
• Analysis of response capabilities and identification of areas for improvement in managing cybersecurity incidents.
These controls ensure that SIIA is permanently compliant with international best practices and minimizes risks related to evolving threats.
Sanctions for Security Breaches
Principles of Sanctions and Responsibilities
Compliance with cybersecurity and data protection protocols is an imperative obligation for all stakeholders of SIIA.
Any proven breach of the rules established in this policy exposes the offender to sanctions commensurate with the severity of the violation. These sanctions apply to employees, consultants, partners, and service providers involved in the compromise of systems or data.
The criteria for evaluating sanctions include:
• The severity of the breach (unintentional fault, gross negligence, intentional violation).
• The impact on the security of infrastructures and data.
• The degree of recurrence or deliberate intent to circumvent security rules.
Sanctions Applicable to Employees and Consultants
Disciplinary measures that may be taken in case of a violation of cybersecurity rules include:
• Written warning: for minor breaches or non-compliance with security protocols.
• Temporary suspension of access to systems: for serious fault or recidivism.
• Financial penalties: in the event of negligence causing significant harm to SIIA.
• Dismissal for gross misconduct: in case of intentional compromise or disclosure of confidential information.
• Legal action: in case of proven cyber crime, fraud, sabotage, or complicity with malicious third parties.
Sanctions Applicable to Partners, Suppliers, and Clients
Any contractual non-compliance regarding cybersecurity by a partner, supplier, or client may result in:
• Immediate suspension of access to systems in case of non-compliance with security requirements.
• Termination of contract without notice, if the violation compromises the safety of SIIA’s digital infrastructures.
• Legal action in case of involvement in an attack, data theft, or fraud.
Legal Responsibilities and Remedies
In case of violation of security obligations:
• SIIA will report offenses to the competent authorities, in accordance with applicable regulations.
• Legal actions may be initiated to seek compensation for financial and reputational damages suffered.
This Cybersecurity and Data Protection Policy constitutes a firm commitment by SIIA in favor of protecting its digital infrastructures and the information entrusted to it.
CYBERSECURITY POLICY AND
DATA PROTECTION
Last updated: January 5, 2025
Introduction
Data protection and cybersecurity are major issues in a digital environment where cyber threats are becoming more complex and regulatory requirements are strengthening.
SIIA, as an organization engaged in strategic communication activities, digital influence, and management of sensitive data, adopts a proactive and systematic approach to ensure the confidentiality, integrity, and availability of information.
This Cybersecurity and Data Protection Policy defines the fundamental principles and operational measures to ensure optimal protection against any data breach, attempted intrusion, or misuse of information systems.
It applies to all stakeholders of SIIA, without exception:
• Executives, employees, and consultants responsible for the strict application of security standards.
• Partners, subcontractors, and suppliers required to comply with contractual obligations regarding information security.
• Clients and users of SIIA's digital services, whose access and use of systems must comply with established standards.
Compliance with this policy is a mandatory condition for any collaboration with SIIA. Any violation or attempted violation of the established rules may result in disciplinary and contractual sanctions, potentially leading to legal action.
Fundamental Principles of Cybersecurity and Data Protection
Preservation of Information Confidentiality
SIIA is committed to ensuring the confidentiality of processed information, whether internal, strategic, commercial, or personal.
• Any sensitive data is subject to advanced encryption protocols, ensuring restricted access to authorized users only.
• Access to information is governed by the principle of least privilege, limiting access rights to strict professional needs.
• Strong authentication protocols are implemented to reduce the risk of identity theft and cyberattacks.
Guarantee of Data Integrity and Reliability
The integrity of the data is a fundamental element of SIIA's cybersecurity policy.
• Any modification to data is subject to traceability control, ensuring its accuracy and reliability.
• A real-time verification system detects any attempts to manipulate or alter sensitive information.
• Redundant and secure backup protocols ensure data restoration in the event of technical failure or cyber attack.
Availability and Resilience of Information Systems
SIIA ensures the continuous availability of its digital infrastructures and online services.
• Business continuity plans and incident recovery protocols ensure the resilience of systems in the event of an attack, failure, or force majeure.
• Continuous monitoring of IT infrastructures is carried out to anticipate any service interruptions.
• The adoption of advanced cybersecurity protocols allows for the detection and neutralization of threats before they compromise operations.
Compliance with Regulations and International Standards
SIIA is committed to complying with legal and regulatory requirements regarding data protection and cybersecurity, including:
• The General Data Protection Regulation (GDPR - EU 2016/679), which regulates the processing of personal data of European citizens.
• The California Consumer Privacy Act (CCPA), guaranteeing consumer rights regarding the management of their personal data.
• The provisions of the French Computer Law and Freedom, protecting individuals' digital rights.
• The Cybersecurity Act (United States and Europe), defining applicable security standards for critical infrastructures.
• The recommendations of the National Cybersecurity Agency (ANSSI) and other specialized regulatory bodies.
SIIA ensures all its practices, systems, and infrastructures comply with these regulatory requirements and conducts regular monitoring to adapt to legislative changes.
Responsibility and Awareness of Stakeholders
Data protection and cybersecurity are not only technological challenges, but also a shared responsibility among all actors of SIIA.
• Each employee and collaborator is required to strictly adhere to the defined policies and procedures.
• Each partner or external service provider must provide guarantees of compliance with the cybersecurity standards required by SIIA.
• Regular training sessions are organized to raise awareness among users about cyber risks and best practices for protecting information.
Governance and Risk Management in Cybersecurity
SIIA adopts a cybersecurity strategy based on centralized governance, proactive risk management, and continuous improvement of its protection systems. The objective is to ensure total operational resilience against cyber threats and regulatory developments.
Information Security Committee and Responsibilities
SIIA has established an Information Security Committee (ISC) responsible for overseeing all policies and actions related to cybersecurity. This committee is composed of representatives from the following departments:
• Information Systems Department (ISD)
• Legal and Compliance Department
• Operations and Risk Department
• Data Protection Officers (DPO)
• Cybersecurity experts and threat analysts
The missions of the ISC include:
• Definition and updating of cybersecurity strategies, aligned with technological and regulatory developments.
• Continuous monitoring of emerging threats and identification of potential vulnerabilities.
• Validation of security policies and incident management protocols.
• Management of internal and external cybersecurity audits to ensure compliance with international standards.
• Management of cybersecurity crises and coordination of responses in the event of attacks.
• Ongoing awareness and training of employees to minimize risks related to human error.
Risk Management and Threat Mapping
SIIA applies an advanced risk management methodology to identify, analyze, and address vulnerabilities preventively.
The assessed risks include:
• Data breach risk: compromise of sensitive information stored or processed by SIIA.
• System intrusion risk: phishing attacks, ransomware, or exploitation of technical vulnerabilities.
• Sabotage or economic espionage risk: malicious actions by internal or external parties aimed at harming SIIA’s strategic interests.
• Regulatory risk: non-compliance with legal requirements and associated sanctions.
• Operational risk: interruption of services due to an attack or technical incident.
A real-time threat mapping is updated, allowing prioritization of corrective actions and protection measures.
Detection and Response to Cyberattacks
SIIA has implemented advanced detection capabilities and a rapid response plan for cyberattacks based on industry best practices.
Detection Devices:
• Real-time monitoring of infrastructures via a Security Operations Center (SOC) operating 24/7.
• Deployment of intrusion detection systems (IDS/IPS) to identify abnormal behavior on networks.
• Proactive analysis of indicators of compromise (IoC) to anticipate attacks in preparation.
Cyberattack response plan:
1. Identification and assessment of the threat: detection of the anomaly and confirmation of the attack.
2. Isolation of compromised systems: activation of emergency measures to prevent the spread of the attack.
3. Recovery and remediation: restoration of data and correction of exploited vulnerabilities.
4. Post-incident analysis and strengthening of security measures: revision of policies and updates of protocols.
5. Notification to the competent authorities and affected parties, in accordance with legal obligations (GDPR, CCPA, etc.).
Audits, Penetration Testing, and Compliance with Security Standards
SIIA regularly conducts cybersecurity audits and penetration tests to ensure the effectiveness of its protection systems.
Internal and external audits:
• Conducting periodic checks to assess the robustness of infrastructures and identify possible weaknesses.
• Verification of compliance with international regulations and security certifications (ISO 27001, NIST, CIS Controls, etc.).
• In-depth analysis of access management policies and user rights.
Penetration testing:
• Organization of attack simulations (Red Team) to assess the responsiveness of systems to sophisticated intrusion attempts.
• Analysis of response capabilities and identification of areas for improvement in managing cybersecurity incidents.
These controls ensure that SIIA is permanently compliant with international best practices and minimizes risks related to evolving threats.
Sanctions for Security Breaches
Principles of Sanctions and Responsibilities
Compliance with cybersecurity and data protection protocols is an imperative obligation for all stakeholders of SIIA.
Any proven breach of the rules established in this policy exposes the offender to sanctions commensurate with the severity of the violation. These sanctions apply to employees, consultants, partners, and service providers involved in the compromise of systems or data.
The criteria for evaluating sanctions include:
• The severity of the breach (unintentional fault, gross negligence, intentional violation).
• The impact on the security of infrastructures and data.
• The degree of recurrence or deliberate intent to circumvent security rules.
Sanctions Applicable to Employees and Consultants
Disciplinary measures that may be taken in case of a violation of cybersecurity rules include:
• Written warning: for minor breaches or non-compliance with security protocols.
• Temporary suspension of access to systems: for serious fault or recidivism.
• Financial penalties: in the event of negligence causing significant harm to SIIA.
• Dismissal for gross misconduct: in case of intentional compromise or disclosure of confidential information.
• Legal action: in case of proven cyber crime, fraud, sabotage, or complicity with malicious third parties.
Sanctions Applicable to Partners, Suppliers, and Clients
Any contractual non-compliance regarding cybersecurity by a partner, supplier, or client may result in:
• Immediate suspension of access to systems in case of non-compliance with security requirements.
• Termination of contract without notice, if the violation compromises the safety of SIIA’s digital infrastructures.
• Legal action in case of involvement in an attack, data theft, or fraud.
Legal Responsibilities and Remedies
In case of violation of security obligations:
• SIIA will report offenses to the competent authorities, in accordance with applicable regulations.
• Legal actions may be initiated to seek compensation for financial and reputational damages suffered.
This Cybersecurity and Data Protection Policy constitutes a firm commitment by SIIA in favor of protecting its digital infrastructures and the information entrusted to it.
CYBERSECURITY POLICY AND
DATA PROTECTION
Last updated: January 5, 2025
Introduction
Data protection and cybersecurity are major issues in a digital environment where cyber threats are becoming more complex and regulatory requirements are strengthening.
SIIA, as an organization engaged in strategic communication activities, digital influence, and management of sensitive data, adopts a proactive and systematic approach to ensure the confidentiality, integrity, and availability of information.
This Cybersecurity and Data Protection Policy defines the fundamental principles and operational measures to ensure optimal protection against any data breach, attempted intrusion, or misuse of information systems.
It applies to all stakeholders of SIIA, without exception:
• Executives, employees, and consultants responsible for the strict application of security standards.
• Partners, subcontractors, and suppliers required to comply with contractual obligations regarding information security.
• Clients and users of SIIA's digital services, whose access and use of systems must comply with established standards.
Compliance with this policy is a mandatory condition for any collaboration with SIIA. Any violation or attempted violation of the established rules may result in disciplinary and contractual sanctions, potentially leading to legal action.
Fundamental Principles of Cybersecurity and Data Protection
Preservation of Information Confidentiality
SIIA is committed to ensuring the confidentiality of processed information, whether internal, strategic, commercial, or personal.
• Any sensitive data is subject to advanced encryption protocols, ensuring restricted access to authorized users only.
• Access to information is governed by the principle of least privilege, limiting access rights to strict professional needs.
• Strong authentication protocols are implemented to reduce the risk of identity theft and cyberattacks.
Guarantee of Data Integrity and Reliability
The integrity of the data is a fundamental element of SIIA's cybersecurity policy.
• Any modification to data is subject to traceability control, ensuring its accuracy and reliability.
• A real-time verification system detects any attempts to manipulate or alter sensitive information.
• Redundant and secure backup protocols ensure data restoration in the event of technical failure or cyber attack.
Availability and Resilience of Information Systems
SIIA ensures the continuous availability of its digital infrastructures and online services.
• Business continuity plans and incident recovery protocols ensure the resilience of systems in the event of an attack, failure, or force majeure.
• Continuous monitoring of IT infrastructures is carried out to anticipate any service interruptions.
• The adoption of advanced cybersecurity protocols allows for the detection and neutralization of threats before they compromise operations.
Compliance with Regulations and International Standards
SIIA is committed to complying with legal and regulatory requirements regarding data protection and cybersecurity, including:
• The General Data Protection Regulation (GDPR - EU 2016/679), which regulates the processing of personal data of European citizens.
• The California Consumer Privacy Act (CCPA), guaranteeing consumer rights regarding the management of their personal data.
• The provisions of the French Computer Law and Freedom, protecting individuals' digital rights.
• The Cybersecurity Act (United States and Europe), defining applicable security standards for critical infrastructures.
• The recommendations of the National Cybersecurity Agency (ANSSI) and other specialized regulatory bodies.
SIIA ensures all its practices, systems, and infrastructures comply with these regulatory requirements and conducts regular monitoring to adapt to legislative changes.
Responsibility and Awareness of Stakeholders
Data protection and cybersecurity are not only technological challenges, but also a shared responsibility among all actors of SIIA.
• Each employee and collaborator is required to strictly adhere to the defined policies and procedures.
• Each partner or external service provider must provide guarantees of compliance with the cybersecurity standards required by SIIA.
• Regular training sessions are organized to raise awareness among users about cyber risks and best practices for protecting information.
Governance and Risk Management in Cybersecurity
SIIA adopts a cybersecurity strategy based on centralized governance, proactive risk management, and continuous improvement of its protection systems. The objective is to ensure total operational resilience against cyber threats and regulatory developments.
Information Security Committee and Responsibilities
SIIA has established an Information Security Committee (ISC) responsible for overseeing all policies and actions related to cybersecurity. This committee is composed of representatives from the following departments:
• Information Systems Department (ISD)
• Legal and Compliance Department
• Operations and Risk Department
• Data Protection Officers (DPO)
• Cybersecurity experts and threat analysts
The missions of the ISC include:
• Definition and updating of cybersecurity strategies, aligned with technological and regulatory developments.
• Continuous monitoring of emerging threats and identification of potential vulnerabilities.
• Validation of security policies and incident management protocols.
• Management of internal and external cybersecurity audits to ensure compliance with international standards.
• Management of cybersecurity crises and coordination of responses in the event of attacks.
• Ongoing awareness and training of employees to minimize risks related to human error.
Risk Management and Threat Mapping
SIIA applies an advanced risk management methodology to identify, analyze, and address vulnerabilities preventively.
The assessed risks include:
• Data breach risk: compromise of sensitive information stored or processed by SIIA.
• System intrusion risk: phishing attacks, ransomware, or exploitation of technical vulnerabilities.
• Sabotage or economic espionage risk: malicious actions by internal or external parties aimed at harming SIIA’s strategic interests.
• Regulatory risk: non-compliance with legal requirements and associated sanctions.
• Operational risk: interruption of services due to an attack or technical incident.
A real-time threat mapping is updated, allowing prioritization of corrective actions and protection measures.
Detection and Response to Cyberattacks
SIIA has implemented advanced detection capabilities and a rapid response plan for cyberattacks based on industry best practices.
Detection Devices:
• Real-time monitoring of infrastructures via a Security Operations Center (SOC) operating 24/7.
• Deployment of intrusion detection systems (IDS/IPS) to identify abnormal behavior on networks.
• Proactive analysis of indicators of compromise (IoC) to anticipate attacks in preparation.
Cyberattack response plan:
1. Identification and assessment of the threat: detection of the anomaly and confirmation of the attack.
2. Isolation of compromised systems: activation of emergency measures to prevent the spread of the attack.
3. Recovery and remediation: restoration of data and correction of exploited vulnerabilities.
4. Post-incident analysis and strengthening of security measures: revision of policies and updates of protocols.
5. Notification to the competent authorities and affected parties, in accordance with legal obligations (GDPR, CCPA, etc.).
Audits, Penetration Testing, and Compliance with Security Standards
SIIA regularly conducts cybersecurity audits and penetration tests to ensure the effectiveness of its protection systems.
Internal and external audits:
• Conducting periodic checks to assess the robustness of infrastructures and identify possible weaknesses.
• Verification of compliance with international regulations and security certifications (ISO 27001, NIST, CIS Controls, etc.).
• In-depth analysis of access management policies and user rights.
Penetration testing:
• Organization of attack simulations (Red Team) to assess the responsiveness of systems to sophisticated intrusion attempts.
• Analysis of response capabilities and identification of areas for improvement in managing cybersecurity incidents.
These controls ensure that SIIA is permanently compliant with international best practices and minimizes risks related to evolving threats.
Sanctions for Security Breaches
Principles of Sanctions and Responsibilities
Compliance with cybersecurity and data protection protocols is an imperative obligation for all stakeholders of SIIA.
Any proven breach of the rules established in this policy exposes the offender to sanctions commensurate with the severity of the violation. These sanctions apply to employees, consultants, partners, and service providers involved in the compromise of systems or data.
The criteria for evaluating sanctions include:
• The severity of the breach (unintentional fault, gross negligence, intentional violation).
• The impact on the security of infrastructures and data.
• The degree of recurrence or deliberate intent to circumvent security rules.
Sanctions Applicable to Employees and Consultants
Disciplinary measures that may be taken in case of a violation of cybersecurity rules include:
• Written warning: for minor breaches or non-compliance with security protocols.
• Temporary suspension of access to systems: for serious fault or recidivism.
• Financial penalties: in the event of negligence causing significant harm to SIIA.
• Dismissal for gross misconduct: in case of intentional compromise or disclosure of confidential information.
• Legal action: in case of proven cyber crime, fraud, sabotage, or complicity with malicious third parties.
Sanctions Applicable to Partners, Suppliers, and Clients
Any contractual non-compliance regarding cybersecurity by a partner, supplier, or client may result in:
• Immediate suspension of access to systems in case of non-compliance with security requirements.
• Termination of contract without notice, if the violation compromises the safety of SIIA’s digital infrastructures.
• Legal action in case of involvement in an attack, data theft, or fraud.
Legal Responsibilities and Remedies
In case of violation of security obligations:
• SIIA will report offenses to the competent authorities, in accordance with applicable regulations.
• Legal actions may be initiated to seek compensation for financial and reputational damages suffered.
This Cybersecurity and Data Protection Policy constitutes a firm commitment by SIIA in favor of protecting its digital infrastructures and the information entrusted to it.