Global Reporting Initiative

Tópicos standards - Social

We adopt the best market practices to ensure information security through frameworks such as NIST, CIS Controls, and ISO/IEC 27001:2022, among others. To strengthen our incident detection and response capabilities, we have: • 24/7 monitoring of security events from a Security Operation Center (SOC); • Monitoring of potential data leaks using DLP (Data Loss Prevention) tools; • Use of EDR (Endpoint Detection and Response) agents across the entire cluster of workstations, servers and containers; • Technologies supported by the Zero Trust Architecture, such as logical microsegmentation; • Cyber insurance for critical incident response; • Business Continuity Management System, comprising plans for the continuity of information security in adverse situations; • Periodic tests to identify potential vulnerabilities and cyber crisis reporting and management simulations. In the event of incidents that lead to data leakage, we have a Security Incident Management Policy and a Policy for Security Incident Reporting to the ANPD and Data Holders. As in previous years, in 2023 no cybersecurity incidents were recorded, whether regarding data leaks or interruption of operations.