Common use of Logical Security Clause in Contracts

Logical Security. All hard drives of TEHTRIS Appliances at the User's premises or in the TEHTRIS datacenter (which are used in servers) are encrypted via FDE (Full Disk Encryption) with keys that are stored off-site in a restricted, protected and encrypted space. All hard drives on TEHTRIS workstations (which are used to remotely administer the TEHTRIS Service) are encrypted via FDE. Workstations with elevated privileges are physically protected and inaccessible outside of business hours. All system authentications are performed by using a crypto-processor in a French branded smart card, with a PIN code typed on an external French branded reader, and/or by an ANSSI certified external key. All operating systems used in TEHTRIS Appliances at the User's site or in the TEHTRIS Datacenter are protected by secure Linux kernels, modified and compiled by TEHTRIS, with the use of advanced security technologies, including for example: RBAC integration in the kernel with role assignment and security policies for all processes; technologies against overflow attacks; special protections against Data leakage in memory Applications hosted in TEHTRIS Appliances at the User's location or in the TEHTRIS Datacenter, built by TEHTRIS in order to provide the TEHTRIS Service, may use technologies such as obfuscation, encryption and anti- reverse engineering, in order to limit and slow down attempts to recover functionality. All communications related to the TEHTRIS Service are encrypted between TEHTRIS workstations and the TEHTRIS Datacenter. All communications between TEHTRIS Appliances are encrypted including in the TEHTRIS Datacenter. All communications between TEHTRIS employees regarding the Agreement are encrypted (email, instant messaging). TEHTRIS' internal network access security contains scalable modules to combat physical and logical intrusion threats, for example: authentication on the network with 802.1X; technologies against network attacks, such as DHCP attacks, ARP spoofing attacks, IP spoofing attacks, etc. TEHTRIS employees do not have any access to the TEHTRIS internal network from a remote location, as the network behaves like a diode with respect to the Internet. Access to the TEHTRIS datacenter infrastructure is protected by: (i) identity restrictions: strong authentication dedicated to each employee based on physical tokens with French-branded crypto-processors and physical protection; (ii) time restrictions: with limitations on hours and days based on roles; (iii) geographic restrictions: with limitation to known areas defined as work source; (iv) network restrictions: with firewalls that are designed, installed, controlled and maintained solely by TEHTRIS from end to end; (v) DDOS restrictions: with the use of anti-DDOS technologies at the entrance to the TEHTRIS Datacenter; (vi) application restrictions: with the use of certificates to access application areas like the TEHTRIS Console. All TEHTRIS Data in local or cloud areas is on encrypted media.

Logical Security. All hard drives of TEHTRIS Appliances at the UserCustomer's premises or in the TEHTRIS datacenter (which are used in servers) are encrypted via FDE (Full Disk Encryption) with keys that are stored off-site in a restricted, protected and encrypted spacearea. All hard drives on TEHTRIS workstations (which are used to remotely administer the TEHTRIS Service) are encrypted via FDE. Workstations with elevated privileges are physically protected and inaccessible outside of business hours. All system authentications are performed by using a crypto-processor in a French branded smart card, with a PIN code typed on an external French branded reader, and/or by an ANSSI certified external key. All operating systems used in TEHTRIS Appliances at the User's Customer site or in the TEHTRIS Datacenter datacenter are protected by secure Linux kernels, modified and compiled by TEHTRIS, with the use of advanced security technologies, including for example: RBAC integration in the kernel with role assignment and security policies for all processes; technologies against overflow attacks; special protections against Data data leakage in into memory Applications hosted in TEHTRIS Appliances at the UserCustomer's location premises or in the TEHTRIS Datacenterdatacenter, built by TEHTRIS in order to provide the TEHTRIS Service, may use technologies such as obfuscation, encryption and anti- anti-reverse engineering, in order to limit and slow down attempts to recover functionality. All communications related to the TEHTRIS Service are encrypted between TEHTRIS workstations and the TEHTRIS Datacenterdatacenter. All communications between TEHTRIS Appliances are encrypted including in the TEHTRIS Datacenterdatacenter. All communications between TEHTRIS employees regarding the Agreement are encrypted (email, instant messaging). TEHTRIS' internal network access security contains scalable modules to combat physical and logical intrusion threats, for example: authentication on the network with 802.1X; technologies against network attacks, such as DHCP attacks, ARP spoofing attacks, IP spoofing attacks, etc.; partitioning of activities with network zoning to separate Users and respect watertightness notions; presence of two separate firewalls between the Internet network and the Internet operator's network; TEHTRIS' employees can access the network through the Internet. TEHTRIS employees do not have any no incoming access to the TEHTRIS internal network from a remote locationdistance, as the network latter behaves like a diode with respect to the Internet. Access to the TEHTRIS datacenter infrastructure is protected byby : (i) identity restrictions: strong authentication dedicated to each employee based on physical tokens with French-branded crypto-processors and physical protection; (ii) time restrictions: with limitations on hours and days based on roles; (iii) geographic restrictions: with limitation to known areas defined as work source; (iv) network restrictions: with firewalls that are designed, installed, controlled and maintained solely by TEHTRIS from end to end; (v) DDOS restrictions: with the use of anti-anti- DDOS technologies at the entrance to the TEHTRIS Datacenterdatacenter; (vi) application restrictions: with the use of certificates to access application areas like such as the TEHTRIS Console. All TEHTRIS Data data in local or cloud areas is on encrypted media.

Logical Security. All hard drives of TEHTRIS Appliances at the UserCustomer's premises or in the TEHTRIS datacenter (which are used in servers) are encrypted via FDE (Full Disk Encryption) with keys that are stored off-site in a restricted, protected and encrypted spacearea. All hard drives on TEHTRIS workstations (which are used to remotely administer the TEHTRIS Service) are encrypted via FDE. Workstations with elevated privileges are physically protected and inaccessible outside of business hours. All system authentications are performed by using a crypto-processor in a French branded smart card, with a PIN code typed on an external French branded reader, and/or by an ANSSI certified external key. All operating systems used in TEHTRIS Appliances at the User's Customer site or in the TEHTRIS Datacenter datacenter are protected by secure Linux kernels, modified and compiled by TEHTRIS, with the use of advanced security technologies, including for example: RBAC integration in the kernel with role assignment and security policies for all processes; technologies against overflow attacks; special protections against Data data leakage in into memory Applications hosted in TEHTRIS Appliances at the UserCustomer's location premises or in the TEHTRIS Datacenterdatacenter, built by TEHTRIS in order to provide the TEHTRIS Service, may use technologies such as obfuscation, encryption and anti- anti-reverse engineering, in order to limit and slow down attempts to recover functionality. All communications related to the TEHTRIS Service are encrypted between TEHTRIS workstations and the TEHTRIS Datacenterdatacenter. All communications between TEHTRIS Appliances are encrypted including in the TEHTRIS Datacenterdatacenter. All communications between TEHTRIS employees regarding the Agreement are encrypted (email, instant messaging). TEHTRIS' internal network access security contains scalable modules to combat physical and logical intrusion threats, for example: authentication on the network with 802.1X; technologies against network attacks, such as DHCP attacks, ARP spoofing attacks, IP spoofing attacks, etc.; partitioning of activities with network zoning to separate Users and respect watertightness notions; presence of two separate firewalls between the Internet network and the Internet operator's network; TEHTRIS' employees can access the network through the Internet. TEHTRIS employees do not have any no incoming access to the TEHTRIS internal network from a remote locationdistance, as the network latter behaves like a diode with respect to the Internet. Access to the TEHTRIS datacenter infrastructure is protected byby : (i) identity restrictions: strong authentication dedicated to each employee based on physical tokens with French-branded crypto-processors and physical protection; (ii) time restrictions: with limitations on hours and days based on roles; (iii) geographic restrictions: with limitation to known areas defined as work source; (iv) network restrictions: with firewalls that are designed, installed, controlled and maintained solely by TEHTRIS from end to end; (v) DDOS restrictions: with the use of anti-DDOS technologies at the entrance to the TEHTRIS Datacenterdatacenter; (vi) application restrictions: with the use of certificates to access application areas like such as the TEHTRIS Console. All TEHTRIS Data data in local or cloud areas is on encrypted media.

Logical Security. All hard drives of TEHTRIS Appliances at the UserCustomer's premises or in the TEHTRIS datacenter (which are used in servers) are encrypted via FDE (Full Disk Encryption) with keys that are stored off-site in a restricted, protected and encrypted spacearea. All hard drives on TEHTRIS workstations (which are used to remotely administer the TEHTRIS Service) are encrypted via FDE. Workstations with elevated privileges are physically protected and inaccessible outside of business hours. All system authentications are performed by using a crypto-processor in a French branded smart card, with a PIN code typed on an external French branded reader, and/or by an ANSSI certified external keyreader which in order to avoid the threat of eavesdropping on a workstation. All operating systems used in TEHTRIS Appliances at the User's Customer site or in the TEHTRIS Datacenter datacenter are protected by secure Linux kernels, modified and compiled by TEHTRIS, with the use of advanced security technologies, including for example: RBAC integration in the kernel with role assignment and security policies for all processes; technologies against overflow attacks; special protections against Data data leakage in into memory Applications hosted in TEHTRIS Appliances at the UserCustomer's location premises or in the TEHTRIS Datacenterdatacenter, built by TEHTRIS in order to provide the TEHTRIS Service, may use technologies such as obfuscation, encryption and anti- anti-reverse engineering, in order to limit and slow down attempts to recover functionality. All communications related to the TEHTRIS Service are encrypted between TEHTRIS workstations and the TEHTRIS Datacenterdatacenter. All communications between TEHTRIS Appliances are encrypted including in the TEHTRIS Datacenterdatacenter. All communications between TEHTRIS employees regarding the Agreement are encrypted (email, instant messaging). TEHTRIS' internal network access security contains scalable modules to combat physical and logical intrusion threats, for example: authentication on the network with 802.1X; technologies against network attacks, such as DHCP attacks, ARP spoofing attacks, IP spoofing attacks, etc.; partitioning of activities with network zoning to separate Users and respect watertightness notions; presence of two separate firewalls between the Internet network and the Internet operator's network; TEHTRIS' employees can access the network through the Internet. TEHTRIS employees do not have any no incoming access to the TEHTRIS internal network from a remote locationdistance, as the network latter behaves like a diode with respect to the Internet. Access to the TEHTRIS datacenter infrastructure is protected byby : (i) identity restrictions: strong authentication dedicated to each employee based on physical tokens with French-branded crypto-processors and physical protection; (ii) time restrictions: with limitations on hours and days based on roles; (iii) geographic restrictions: with limitation to known areas defined as work source; (iv) network restrictions: with firewalls that are designed, installed, controlled and maintained solely by TEHTRIS from end to end; (v) DDOS restrictions: with the use of anti-DDOS technologies at the entrance to the TEHTRIS Datacenterdatacenter; (vi) application restrictions: with the use of certificates to access application areas like such as the TEHTRIS Console. All TEHTRIS Data data in local or cloud areas is on encrypted media.

Logical Security. All hard drives of TEHTRIS Appliances at the User's premises or in the TEHTRIS datacenter (which are used in servers) are encrypted via FDE (Full Disk Encryption) with keys that are stored off-site in a restricted, protected and encrypted space. All hard drives on TEHTRIS workstations (which are used to remotely administer the TEHTRIS Service) are encrypted via FDE. Workstations with elevated privileges are physically protected and inaccessible outside of business hours. All system authentications are performed by using a crypto-processor in a French branded smart card, with a PIN code typed on an external French branded reader, and/or by an ANSSI certified external keyin order to avoid the threat of eavesdropping on a workstation. All operating systems used in TEHTRIS Appliances at the User's site or in the TEHTRIS Datacenter are protected by secure Linux kernels, modified and compiled by TEHTRIS, with the use of advanced security technologies, including for example: RBAC integration in the kernel with role assignment and security policies for all processes; technologies against overflow attacks; special protections against Data leakage in memory Applications hosted in TEHTRIS Appliances at the User's location or in the TEHTRIS Datacenter, built by TEHTRIS in order to provide the TEHTRIS Service, may use technologies such as obfuscation, encryption and anti- reverse engineering, in order to limit and slow down attempts to recover functionality. All communications related to the TEHTRIS Service are encrypted between TEHTRIS workstations and the TEHTRIS Datacenter. All communications between TEHTRIS Appliances are encrypted including in the TEHTRIS Datacenter. All communications between TEHTRIS employees regarding the Agreement are encrypted (email, instant messaging). TEHTRIS' internal network access security contains scalable modules to combat physical and logical intrusion threats, for example: authentication on the network with 802.1X; technologies against network attacks, such as DHCP attacks, ARP spoofing attacks, IP spoofing attacks, etc. TEHTRIS employees do not have any access to the TEHTRIS internal network from a remote location, as the network behaves like a diode with respect to the Internet. Access to the TEHTRIS datacenter infrastructure is protected by: (i) identity restrictions: strong authentication dedicated to each employee based on physical tokens with French-branded crypto-processors and physical protection; (ii) time restrictions: with limitations on hours and days based on roles; (iii) geographic restrictions: with limitation to known areas defined as work source; (iv) network restrictions: with firewalls that are designed, installed, controlled and maintained solely by TEHTRIS from end to end; (v) DDOS restrictions: with the use of anti-DDOS technologies at the entrance to the TEHTRIS Datacenter; (vi) application restrictions: with the use of certificates to access application areas like the TEHTRIS Console. All TEHTRIS Data in local or cloud areas is on encrypted media.