{"id":34649,"date":"2025-08-12T12:41:20","date_gmt":"2025-08-12T15:41:20","guid":{"rendered":"https:\/\/conversys.global\/?page_id=34649"},"modified":"2025-08-12T13:19:14","modified_gmt":"2025-08-12T16:19:14","slug":"politicas-anticorrupcao-e-antissuborno-2","status":"publish","type":"page","link":"https:\/\/conversys.global\/en\/politica-de-seguranca-da-informacao\/","title":{"rendered":"Information Security Policy"},"content":{"rendered":"
\n\t
\n\t\t
\n\t\t\t

Objective<\/h2>\n

This Information Security Policy (ISP) establishes the guidelines and requirements to protect CONVERSYS' information against all threats, internal or external, deliberate or accidental, guaranteeing business continuity, minimizing risks and maximizing the return on investments and business opportunities.<\/p>\n\n\t\t<\/div>\n\t<\/div>\n

\n\t
\n\t\t
\n\t\t\t

1. scope<\/h2>\n

This policy applies to all employees, suppliers, contractors and other interested parties who have access to CONVERSYS information and information systems, covering all forms of information, including digital, physical and verbal.<\/p>\n\n\t\t<\/div>\n\t<\/div>\n<\/div><\/div><\/div>

\n\t
\n\t\t
\n\t\t\t

2. Terms and Definitions<\/h2>\n

To ensure clarity and facilitate the understanding of this policy, we present the following terms and definitions:<\/p>\n

    \n
  • Confidentiality:<\/strong> Ensuring that information is only accessible to those who are entitled to it and no one else.<\/li>\n
  • Integrity:<\/strong> Safeguarding the accuracy and completeness of information and processing methods.<\/li>\n
  • Availability:<\/strong> Ensuring that authorized users have access to information and associated assets when necessary.<\/li>\n
  • Information Security:<\/strong> Protecting the confidentiality, integrity and availability of information.<\/li>\n
  • ISMS (Information Security Management System):<\/strong> Part of the overall management system, based on a risk approach, which is used to establish, implement, operate, monitor, review, maintain and improve information security.<\/li>\n
  • Risk:<\/strong> Effect of uncertainty on objectives, measured in terms of consequences and probability.<\/li>\n
  • Risk assessment:<\/strong> Process of identifying and analyzing information security risks to determine their potential impact.<\/li>\n
  • Risk Treatment:<\/strong> Process of selecting and implementing measures to mitigate information security risks.<\/li>\n
  • CISO (Chief Information Security Officer):<\/strong> The person responsible for information security in the organization, who leads the development, implementation and maintenance of the ISMS.<\/li>\n
  • Information Security Incident:<\/strong> An occurrence related to information security that may have a negative impact on operations or information security.<\/li>\n
  • Business Continuity:<\/strong> The organization's ability to maintain essential operations during and after a critical incident.<\/li>\n
  • Information classification:<\/strong> The process of assigning a level of sensitivity to information, which determines the need for protection and the applicable security controls.<\/li>\n<\/ul>\n\n\t\t<\/div>\n\t<\/div>\n<\/div><\/div><\/div><\/div>
    \n\t
    \n\t\t
    \n\t\t\t

    3. Management's commitment<\/h2>\n

    CONVERSYS' senior management is committed to the implementation, maintenance and continuous improvement of the Information Security Management System (ISMS), ensuring the appropriate allocation of resources and the regular review of this policy.<\/p>\n

    4. Information Security Principles<\/h2>\n

    CONVERSYS adopts the principles of confidentiality, integrity and availability as fundamental to information security management, seeking to protect information from unauthorized access, ensure the accuracy of information and guarantee the availability of information when necessary.<\/p>\n\n\t\t<\/div>\n\t<\/div>\n<\/div><\/div><\/div><\/div>

    \n\t
    \n\t\t
    \n\t\t\t

    5. Responsibilities and Authorities<\/h2>\n
      \n
    • Senior Management:<\/strong><\/li>\n<\/ul>\n

      Commitment to the ISMS:<\/strong> Ensuring the establishment, implementation, operation, monitoring, review, maintenance and improvement of the ISMS.<\/p>\n

      Resource allocation:<\/strong> Provide sufficient resources for information security, including personnel, technology and finance.<\/p>\n

      Policy definition:<\/strong> Approve the information security policy and any significant changes to it.<\/p>\n

        \n
      • Chief Technology Officer:<\/strong><\/li>\n<\/ul>\n

        Leadership of the ISMS:<\/strong> Acting as the focal point for information security management within the organization.<\/p>\n

        Development of Policies and Procedures:<\/strong> Develop, implement and maintain information security policies and procedures in line with organizational objectives.<\/p>\n

        Awareness and Training:<\/strong> Coordinate information security training and awareness programs for all employees.<\/p>\n

          \n
        • IT and Security Team:<\/strong><\/li>\n<\/ul>\n

          Implementation of controls:<\/strong> Implementing and maintaining technical security controls in accordance with the guidelines established by the CISO and information security policies.<\/p>\n

          Monitoring and Evaluation:<\/strong> Monitor and evaluate the effectiveness of information security controls and report any deficiencies or incidents to the CISO.<\/p>\n\n\t\t<\/div>\n\t<\/div>\n<\/div><\/div><\/div>

          \n\t
          \n\t\t
          \n\t\t\t
            \n
          • Managers: <\/strong><\/li>\n<\/ul>\n

            Implementation of the ISMS:<\/strong> Ensuring that information security policies and procedures are implemented and followed within their respective departments.<\/p>\n

            Risk Management:<\/strong> Identify and manage information security risks related to your department's activities.<\/p>\n

              \n
            • Employees and Third Parties:<\/strong><\/li>\n<\/ul>\n

              Compliance with Policies:<\/strong> Follow all information security policies and procedures relevant to their activities.<\/p>\n

              Incident reporting:<\/strong> Report any suspected information security incident in accordance with established procedures.<\/p>\n

                \n
              • Information Owners:<\/strong><\/li>\n<\/ul>\n

                Classification and Protection:<\/strong> Classify information according to the organization's classification policy and ensure adequate protection according to the classification level.<\/p>\n

                Access Review:<\/strong> Periodically reviewing access to the information under their responsibility to ensure that it is appropriate.<\/p>\n\n\t\t<\/div>\n\t<\/div>\n<\/div><\/div><\/div><\/div>

                \n\t
                \n\t\t
                \n\t\t\t

                6. Acceptable Use of Information Assets<\/h2>\n

                Purpose and Appropriate Use:<\/strong> CONVERSYS' information assets, including networks, devices, applications and data, must be used exclusively for professional and business purposes, as authorized by the company. Any use for personal purposes, without proper authorization, is strictly prohibited.<\/p>\n

                User responsibility<\/strong>Users are responsible for any activity carried out using their credentials and must ensure the security and confidentiality of their passwords and devices.<\/p>\n

                Data Security<\/strong>: It is mandatory to follow all information security policies and procedures to protect data from unauthorized access, disclosure, alteration, destruction or misuse.<\/p>\n

                Software and Applications:<\/strong> Software should only be installed on company devices with the approval of the IT team. Users should not install unlicensed, pirated or untrustworthy software to avoid security risks.<\/p>\n

                Internet access:<\/strong> Internet access must be done responsibly and ethically. Sites that contain offensive, dangerous or illegal material or that violate company policies are strictly prohibited.<\/p>\n

                Electronic Communication:<\/strong> Electronic communications must be used in a professional manner. Sensitive or confidential information should be shared securely and preferably encrypted<\/p>\n

                Monitoring and Compliance:<\/strong> Users should be aware that activities carried out on CONVERSYS systems and networks can be monitored to ensure compliance with acceptable use policies.<\/p>\n\n\t\t<\/div>\n\t<\/div>\n\n\t

                \n\t\t
                \n\t\t\t

                7. Clean Screen and Clean Table<\/h2>\n

                CONVERSYS' Clean Screen and Clean Desk policy aims to reduce the risk of sensitive or confidential information being accidentally exposed. These practices are essential for maintaining information security in the workplace, whether in the office or remotely. Below, we detail the recommended practices:<\/p>\n

                Automatic locking:<\/strong> Configure your devices to lock automatically after a period of inactivity. This minimizes the risk of information exposure if you walk away from the device.<\/p>\n

                Closure of Sessions:<\/strong> Always end active sessions in applications and web services when they are not in use, especially on shared or public devices.<\/p>\n

                Screen saver:<\/strong> Use screen savers that hide the contents of the screen when the device is locked.<\/p>\n

                Checking the environment:<\/strong> Before leaving your workstation or ending a video call, make sure that no sensitive information is visible on the screen to others.<\/p>\n

                Documents and Notes:<\/strong> Keep printed documents, notes and sensitive materials in locked cabinets or drawers when not in use. Don't leave these materials on the table when you're away.<\/p>\n

                Mobile Devices and Storage Media:<\/strong> Store mobile devices, flash drives, external disks and any other storage media in a safe, locked place when not in use.<\/p>\n

                Cleaning up at the end of the day:<\/strong> At the end of the day, make sure your desk is clear of any material containing sensitive information. This includes cleaning whiteboards used in meetings or brainstormings.<\/p>\n

                Safe disposal:<\/strong> Use paper shredders or secure collection points to dispose of sensitive documents. Never dispose of sensitive documents intact in ordinary waste garbage cans.<\/p>\n

                Sensitive impressions:<\/strong> Sensitive or confidential information, when printed, should be removed from the printer immediately.<\/p>\n

                Information storage: Conversys information should be stored 100% in the cloud, even when the user is in the home office.<\/p>\n

                Management of corporate equipment: All equipment must be linked to the MDM Platform (Intune) which manages the devices.<\/p>\n\n\t\t<\/div>\n\t<\/div>\n\n\t

                \n\t\t
                \n\t\t\t

                8. Information classification<\/h2>\n

                All information will be classified according to its value, legal requirements, sensitivity and criticality for CONVERSYS. This classification will determine the level of protection and the applicable security measures.<\/p>\n

                Confidentiality labels are used to classify e-mail messages, documents, websites and much more.<\/p>\n

                Classification levels have been defined:<\/strong><\/p>\n

                Public (lower):<\/strong> Public document open to unrestricted submission.<\/p>\n

                Sensitive:<\/strong> Sensitive data pertaining to projects, finances, etc. Can be shared with due precautions.<\/p>\n

                Internal:<\/strong> It should not be shared outside the company.<\/p>\n

                Restricted:<\/strong> Internal information, restricted by group or area. It must not be shared outside the company without proper authorization. For documents, it is necessary to define an access group.<\/p>\n

                Confidential (highest) - has 2 options:<\/strong><\/p>\n

                All Conversys:<\/strong> Confidential information. It must not be shared outside the company without the authorization of the board of directors.<\/p>\n

                Determined:<\/strong> Confidential information restricted to a group. For documents, select groups with access permission.<\/p>\n\n\t\t<\/div>\n\t<\/div>\n<\/div><\/div><\/div>

                \n\t
                \n\t\t
                \n\t\t\t

                9. Access controls<\/h2>\n

                Access to information and information systems will be granted on a least privilege and need-to-know basis, in order to minimize the risks of unauthorized access.<\/p>\n

                10. Incident Management<\/h2>\n

                All employees and stakeholders are responsible for immediately reporting any suspected information security incident. CONVERSYS has an established incident management process to effectively respond to, investigate and remedy such incidents.<\/p>\n

                11. Business Continuity<\/h2>\n

                CONVERSYS maintains business continuity plans that include recovery strategies to ensure the continued availability of critical information and systems.<\/p>\n\n\t\t<\/div>\n\t<\/div>\n\n\t

                \n\t\t
                \n\t\t\t

                12. Legal and regulatory compliance<\/h2>\n

                CONVERSYS undertakes to comply with all laws, regulations and contractual requirements applicable to information security, including the protection of personal data and intellectual property.<\/p>\n

                13. Review and Update<\/h2>\n

                This ISP will be reviewed annually and after any significant events that may affect the ISMS, to ensure its continuity, suitability and effectiveness.<\/p>\n

                14. Awareness, Education and Training<\/h2>\n

                CONVERSYS promotes regular information security awareness, education and training programs to ensure that all employees and stakeholders are aware of their responsibilities.<\/p>\n

                15. Risk Assessment and Treatment<\/h2>\n

                Information security risk management is an ongoing process at CONVERSYS, involving the identification, analysis and treatment of risks to ensure that they remain within acceptable levels.<\/p>\n\n\t\t<\/div>\n\t<\/div>\n<\/div><\/div><\/div><\/div>\n\t

                \n\t\t
                \n\t\t\t

                This policy is effective immediately and is binding on all parties mentioned. Everyone is encouraged to familiarize themselves with this policy and integrate the principles of information security into their daily activities to protect CONVERSYS information.<\/p>\n\n\t\t<\/div>\n\t<\/div>\n<\/div><\/div><\/div><\/div><\/section>\n<\/div>","protected":false},"excerpt":{"rendered":"Objective This Information Security Policy (ISP) establishes the guidelines and requirements to protect CONVERSYS' information against all [...]","protected":false},"author":6,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-34649","page","type-page","status-publish","hentry"],"acf":[],"yoast_head":"\nPol\u00edtica de Seguran\u00e7a da Informa\u00e7\u00e3o - Conversys<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/conversys.global\/en\/politica-de-seguranca-da-informacao\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Pol\u00edtica de Seguran\u00e7a da Informa\u00e7\u00e3o - Conversys\" \/>\n<meta property=\"og:url\" content=\"https:\/\/conversys.global\/en\/politica-de-seguranca-da-informacao\/\" \/>\n<meta property=\"og:site_name\" content=\"Conversys\" \/>\n<meta property=\"article:modified_time\" content=\"2025-08-12T16:19:14+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"10 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/conversys.global\/en\/politica-de-seguranca-da-informacao\/\",\"url\":\"https:\/\/conversys.global\/en\/politica-de-seguranca-da-informacao\/\",\"name\":\"Pol\u00edtica de Seguran\u00e7a da Informa\u00e7\u00e3o - Conversys\",\"isPartOf\":{\"@id\":\"https:\/\/conversys.global\/en\/#website\"},\"datePublished\":\"2025-08-12T15:41:20+00:00\",\"dateModified\":\"2025-08-12T16:19:14+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/conversys.global\/en\/politica-de-seguranca-da-informacao\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/conversys.global\/en\/politica-de-seguranca-da-informacao\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/conversys.global\/en\/politica-de-seguranca-da-informacao\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/conversys.global\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Pol\u00edtica de Seguran\u00e7a da Informa\u00e7\u00e3o\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/conversys.global\/en\/#website\",\"url\":\"https:\/\/conversys.global\/en\/\",\"name\":\"Conversys\",\"description\":\"IT Solutions\",\"publisher\":{\"@id\":\"https:\/\/conversys.global\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/conversys.global\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/conversys.global\/en\/#organization\",\"name\":\"Conversys\",\"url\":\"https:\/\/conversys.global\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/conversys.global\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/conversys.global\/wp-content\/uploads\/2024\/03\/conversys.svg\",\"contentUrl\":\"https:\/\/conversys.global\/wp-content\/uploads\/2024\/03\/conversys.svg\",\"width\":219,\"height\":40,\"caption\":\"Conversys\"},\"image\":{\"@id\":\"https:\/\/conversys.global\/en\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Information Security Policy - Conversys","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/conversys.global\/en\/politica-de-seguranca-da-informacao\/","og_locale":"en_US","og_type":"article","og_title":"Pol\u00edtica de Seguran\u00e7a da Informa\u00e7\u00e3o - Conversys","og_url":"https:\/\/conversys.global\/en\/politica-de-seguranca-da-informacao\/","og_site_name":"Conversys","article_modified_time":"2025-08-12T16:19:14+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/conversys.global\/en\/politica-de-seguranca-da-informacao\/","url":"https:\/\/conversys.global\/en\/politica-de-seguranca-da-informacao\/","name":"Information Security Policy - Conversys","isPartOf":{"@id":"https:\/\/conversys.global\/en\/#website"},"datePublished":"2025-08-12T15:41:20+00:00","dateModified":"2025-08-12T16:19:14+00:00","breadcrumb":{"@id":"https:\/\/conversys.global\/en\/politica-de-seguranca-da-informacao\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/conversys.global\/en\/politica-de-seguranca-da-informacao\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/conversys.global\/en\/politica-de-seguranca-da-informacao\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/conversys.global\/"},{"@type":"ListItem","position":2,"name":"Pol\u00edtica de Seguran\u00e7a da Informa\u00e7\u00e3o"}]},{"@type":"WebSite","@id":"https:\/\/conversys.global\/en\/#website","url":"https:\/\/conversys.global\/en\/","name":"Conversys","description":"IT Solutions","publisher":{"@id":"https:\/\/conversys.global\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/conversys.global\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/conversys.global\/en\/#organization","name":"Conversys","url":"https:\/\/conversys.global\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/conversys.global\/en\/#\/schema\/logo\/image\/","url":"https:\/\/conversys.global\/wp-content\/uploads\/2024\/03\/conversys.svg","contentUrl":"https:\/\/conversys.global\/wp-content\/uploads\/2024\/03\/conversys.svg","width":219,"height":40,"caption":"Conversys"},"image":{"@id":"https:\/\/conversys.global\/en\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/conversys.global\/en\/wp-json\/wp\/v2\/pages\/34649"}],"collection":[{"href":"https:\/\/conversys.global\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/conversys.global\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/conversys.global\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/conversys.global\/en\/wp-json\/wp\/v2\/comments?post=34649"}],"version-history":[{"count":13,"href":"https:\/\/conversys.global\/en\/wp-json\/wp\/v2\/pages\/34649\/revisions"}],"predecessor-version":[{"id":34652,"href":"https:\/\/conversys.global\/en\/wp-json\/wp\/v2\/pages\/34649\/revisions\/34652"}],"wp:attachment":[{"href":"https:\/\/conversys.global\/en\/wp-json\/wp\/v2\/media?parent=34649"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}