Information Security & Privacy Policy

Last updated: March 16, 2022

1. Introduction & Scope

We have adopted an Information Security & Privacy Management System (ISPMS) as part of our commitment to demonstrate the application of the highest level of security within the services we deliver to our clients.

EXEO is a leading managed services and cloud solutions provider. We help clients migrate and adopt cloud services in a secure way, We commit to enhancing the way our clients work by implementing digital and automation-based services.

EXEO was founded in 2012 in Beirut where we started serving clients in the Middle-East and in Africa, and in 2020 we opened our office in France and started delivering services to clients in Western Europe.

Our strategy is aligned on the following three pillars:

Agile IT: committed to chaperone our clients in migrating and adopting agile technology tools and services in order to enhance the way they work;
Cybersecurity: implementing security in every aspect of our services, identifying and protecting assets, detecting and responding to threats;
Digital: once we have built a solid and secure technology foundation, we can help clients adopt agile applications to digitize business processes.

The way we work at EXEO is based on an intimate understanding of clients infrastructure and an immersion in their operations which subsequently requires the development of world class and no-compromise security methodologies to guarantee safe, secure and private delivery of services.

2. ISPMS Policy Statement

We at EXEO, our legal entities EXEO SAL, EXEO OFFSHORE SAL and SAS EXEO have adopted an Information Security & Privacy Management System (ISPMS) as part of our commitment to demonstrate the application of the highest level of security within the services we deliver to our clients.

We are committed to safeguarding the confidentiality & privacy of information we process, ensuring the integrity of the data and the maximum availability of our services. This commitment is inline with our adherence to the ISO 27001:2013 information security and ISO 27701: 2019 information privacy standards and compliance with all applicable regulations, with the objective of protecting our clients and our assets from information security threats, whether internal or external, deliberate or accidental.

Security is carved inside the DNA of EXEO, it is incorporated in every service we deliver, every employee we recruit, every report we generate and every deliverable we produce to our clients.

The commitment of the leadership of EXEO is summarised in the following points:

A strict talent recruitment and management process emphasising our sensitivity to confidential information and compliance;
A controlled physical environment and asset management process;
An agile project management methodology incorporating securting in every aspect of projects;
A development methodology based on secure coding;
An information technology secure management framework based on current and projected information security threat environment;
A business continuity plan constantly adapted to ongoing risks;
An internal audit discipline based on an information classification policy;
A culture of Personal Identifiable Information protection practice embedded in our security policies.

We, EXEO, implement a process of continuous improvement in all aspects of operations and will make sure that this policy is reviewed once a year or whenever it is needed based on developments in cybersecurity, whichever comes first.

This policy is communicated internally to all members of EXEO. Each member formally commits to follow the rules, procedures and recommendations of this policy in his duties. It is the responsibility of employees to implement every aspect of this policy, for the managers to provide guidance to their teams and for the CEO to make sure this policy is implemented and reviewed on an annual basis.

3. Responsibilities

Exeo Corporate Governance Committee is responsible to monitor and improve the established management system policies and procedures and establish processes for handling deviations and exceptions.

4. Review of the policies for information security

This policy is reviewed at planned intervals or if significant changes occur to ensure its continuing suitability, adequacy and effectiveness.

The policy review takes the results of management reviews into account.

If you have any questions about this policy, you can contact us

Cookie	Duration	Description
__cfduid	1 month	The cookie is used by CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	1 year	This cookies is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category "Analytics".
cookielawinfo-checkbox-functional	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	1 year	No description
cookielawinfo-checkbox-performance	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
pll_language	1 year	The cookie stores the language code of the last browsed page.

Cookie	Duration	Description
_clck	1 year	Used by Microsoft Clarity to store a unique user ID
_clsk		Microsoft Clarity analytics application
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_gtag_UA_44752404_1	1 minute	No description
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form.
_lfa	2 years	This cookie is set by the provider Leadfeeder. This cookie is used for identifying the IP address of devices visiting the website. The cookie collects information such as IP addresses, time spent on website and page requests for the visits.This collected information is used for retargeting of multiple users routing from the same IP address.
CLID	1 year	Microsoft Clarity
of.tracking	1 year
ofs
SL_C_23361dd035530_KEY		Outfunnel Campaign
SL_C_23361dd035530_SID		Outfunnel Campaign
SL_C_23361dd035530_VID		Outfunnel Campaign
SM	session	Used in synchronizing the MUID across Microsoft domains.
SRM_B	1 year 24 days	Identifies unique web browsers visiting Microsoft sites
vuid	2 years	This domain of this cookie is owned by Vimeo. This cookie is used by vimeo to collect tracking information. It sets a unique ID to embed videos to the website.

Cookie	Duration	Description
ANONCHK	10 minutes	This cookie is used for storing the session ID for a user. This cookie ensures that clicks from advertisement on the Bing search engine are verified and it is used for reporting purposes and for personalization.
MUID	1 year 24 days	Used by Microsoft as a unique identifier. The cookie is set by embedded Microsoft scripts. The purpose of this cookie is to synchronize the ID across many different Microsoft domains to enable user tracking.

Information Security & Privacy Policy

1. Introduction & Scope

2. ISPMS Policy Statement

3. Responsibilities

4. Review of the policies for information security

Get in touch

Reach out