Cybersecurity and Operational Resilience Policy (NIS2 Compliance)
At Juls’ Psychology, we believe that mental space is sacred, and the digital space is its reflection. Protecting your story is not just a matter of trust; it is our fundamental commitment to complying with the highest European cybersecurity standards (NIS2 Directive and the Cybersecurity Act).
1. Risk Management and Digital Stack
We minimize risk by employing a “Security-by-Design” approach. Our workflow is built upon the Google Workspace ecosystem, which meets global data protection and cyber defense standards.
- Supply Chain: We select partners based on their published security standards and data protection commitments. Google Workspace holds ISO 27001 certification. Calendly operates under industry-standard security practices as documented in their published security policy.
- Asset Inventory: We maintain an up-to-date registry of all ICT services we use to guarantee the traceability of information.
2. Technical Protection Measures
To ensure the sanctity of your business and personal cases, we implement:
- Multi-Factor Authentication (MFA): We use system-integrated two-step verification mechanisms (Google Prompt/Authenticator) to ensure that only an authorized expert can access your data.
- Cloud Data Protection: All records and documents are stored in an encrypted Google Cloud environment, protected by automated real-time threat detection systems.
- Endpoint Control: Access to information is restricted to devices with enabled biometric protection or strong, periodically updated passwords.
3. Incident Response and Continuity
Your business and psychological support must never stop.
- Recovery Plan: We maintain a readiness plan for technical failures so that services are restored in the shortest possible time.
- Backups: Critical operational data is maintained within the Google Workspace environment, which provides version history and recovery capabilities. No third-party backup services are used outside this environment.
- Reporting: Upon identifying a significant incident, we commit to submitting an early warning to the relevant supervisory authority within 24 hours and a formal incident notification within 72 hours, in accordance with NIS2 requirements.
4. Personal Responsibility and Training
As the Managing Director and Lead Expert, I undergo regular training in cyber hygiene. We believe that security begins with the human factor—just as psychological health and business development begin with awareness.
Related Policies
These Policies function as part of a comprehensive framework of ethical guidelines and standards. For a complete understanding of our operational principles, we invite you to review our other guiding documents:
- General Terms of Use
- Policy for collection and storage of personal data
- Juls’ Psychology Cookie policy
- Confidentiality and Non-Disclosure Agreement (NDA)
- ESG Policy
- AI Ethics and Safety
- Cybersecurity and Operational Resilience Policy (NIS2 Compliance)
- Payment & Security Policy
- Refund Policy
- B2B Partner Program: Terms and Conditions
- Fair Trade Policy
