This policy describes Cenareo's approach to managing data security and cybersecurity risks, protecting our assets, and ensuring the confidentiality, integrity, and availability of customer data throughout its lifecycle.
Risk assessment
Cenareo carries out periodic risk assessments in order to identify potential threats, vulnerabilities, and their impact on data security and cybersecurity.
These evaluations take into account a variety of factors, including:
- Data classification
- System and application security postures
- Network infrastructure vulnerabilities
- Internal and external threats (for example, cyberattacks, human error)
The results of risk assessments inform our security strategy, the allocation of resources, and the implementation of appropriate controls.
Data classification
Cenareo classifies data according to its sensitivity and the potential impact of a breach. Classification makes it possible to prioritize security measures and allocate resources efficiently, and supports the following objectives:
- Improving security: by identifying the most critical assets and prioritizing security controls for their protection.
- Compliance: by aligning with data privacy regulations (for example, GDPR) that impose specific protection measures for certain types of data.
- Efficient resource allocation: by understanding data sensitivity, Cenareo can allocate security resources more effectively and avoid overprotecting low-risk data.
- Incident response: by providing a clear understanding of the potential impact of a breach involving a given category of data, which simplifies triage and response.
Data classification is an ongoing process. Cenareo regularly reviews and updates its classification scheme to reflect changes in the business, in regulations, and in the threat landscape.
Cenareo data is classified according to the following definitions:
Highly confidential data
This category includes data that is critical to Cenareo's operations, financial health, or reputation. A breach could result in serious financial losses, legal repercussions, or damage to public trust. Examples:
- Customer financial information (credit card numbers, social security numbers)
- Exclusive trade secrets or intellectual property
- Personally Identifiable Information (PII) subject to strict regulations
- Management communications and strategic plans
Confidential data
This category includes sensitive data that, if compromised, can cause moderate financial harm, reputational damage, or operational disruptions. Examples:
- Customer names, contact information, and purchase history
- Internal employee data (salary information, performance reviews)
- Confidential commercial documents (contracts, proposals)
- Marketing campaign data
Internal data
This category includes non-public information that is important for internal operations but does not have the same level of criticality as confidential data. Examples:
- Employee training materials
- Internal communications and memos
- Non-public customer service records
- Information about IT infrastructure
Public data
This category refers to information that is available to the public or that is intended to be disseminated to the public. Examples:
- Corporate website content
- Press releases and marketing materials
- Public financial reports
- Product manuals and brochures
Asset Management
Cenareo maintains a comprehensive inventory of all assets that store, process, or transmit customer data. This includes:
- Hardware (servers, workstations, mobile devices)
- Software applications
- Network devices
- Data storage systems
Access to these assets is strictly controlled based on the principle of least privilege.
Supply chain and subcontracting
Cenareo recognizes the importance of cybersecurity in its supply chain and has implemented a supply chain risk management strategy, approved by the relevant stakeholders, that covers risk assessments of:
- Information system vendors
- Third-party partners providing components or services
- Subcontractors to whom customer data is entrusted
These assessments focus on the security practices of these entities and the risks associated with relying on them.
Third-party management
Cenareo carries out routine evaluations of critical suppliers and third-party partners, based on:
- Security audits
- Penetration test results
- Other forms of security risk assessment
Cenareo requires third parties to remediate the vulnerabilities and security risks identified within a defined period of time.
Contractual guarantees
Cenareo shares data with third-party providers only when strictly necessary for operational purposes. This data sharing is governed by information security clauses in contracts. These clauses cover the following points:
- Confidentiality obligations concerning customer data
- Data integrity and availability requirements
- Security controls and incident reporting procedures
Non-production environments
Cenareo strictly minimizes the storage of customer data in non-production environments. Storing customer data in development, test, and user acceptance testing (UAT) environments must be avoided wherever possible. Where customer data must nevertheless be stored in a non-production environment, the same or equivalent security measures as those used in production environments must be applied to it.