Information Security Policy
1. Introduction
Cloud Storm Tecnologia Ltda provides IT infrastructure monitoring and software development services, and recognizes the importance of information security in ensuring the confidentiality, integrity, and availability of data and systems. This includes ensuring proper data use, mitigating information security risks, and complying with the General Data Protection Law (LGPD) and other applicable regulations. This policy establishes guidelines and responsibilities to protect the company’s, clients’, and partners’ information from internal and external threats.
2. Objectives
The main objectives of this policy are:
a) To protect information from unauthorized access, disclosure, alteration, and destruction;
b) To ensure the availability of critical systems and data for business continuity;
c) To ensure compliance with applicable laws and regulations related to information security;
d) To promote awareness and training of employees regarding information security.
3. Responsibilities
3.1 Executive Management
Executive management is responsible for:
a) Defining and approving the information security policy;
b) Promoting a culture of information security within the company;
c) Appointing an Information Security Officer (ISO) to implement and monitor this policy;
d) Allocating adequate resources to implement the required security measures;
e) Regularly reviewing and updating the information security policy as needed.
3.2 Information Security Officer (ISO)
The ISO is responsible for:
a) Developing, implementing, and maintaining information security measures;
b) Monitoring compliance with this policy and taking corrective actions when necessary;
c) Identifying and assessing information security risks;
d) Promoting employee awareness and training on information security;
e) Staying up to date with emerging threats and best practices in information security.
3.3 Employees
All employees must:
a) Comply with this policy and the implemented security measures;
b) Handle confidential information carefully and protect it from unauthorized access;
c) Immediately report any suspected security breaches or incidents to the ISO;
d) Participate in security awareness and training programs.
4. Security Measures
The following security measures must be implemented:
a) Access Control: Require strong authentication for access to sensitive systems and data, and grant access rights according to the principle of least privilege;
b) Data Protection: Use encryption and anonymization techniques to protect confidential data in transit and at rest;
c) Vulnerability Management: Conduct regular security testing, and update and patch systems and applications to mitigate known vulnerabilities;
d) Monitoring and Detection: Implement security monitoring systems to detect suspicious activities and respond appropriately to security incidents;
e) Backup Policies: Perform regular backups of critical data and periodically test the data restoration procedures;
f) Awareness and Training: Promote regular training for all employees on best practices for information security, threat identification, and incident response. Also, conduct awareness campaigns to reinforce the importance of information security and encourage secure behaviors;
g) Incident Management: Establish an incident management process to efficiently respond to and remediate any security breaches or incidents. This includes proper notification to affected parties, investigation, recovery, and post-incident review to prevent recurrence;
h) Security Policies: Develop and implement specific security policies covering areas such as acceptable use of IT resources, personal data protection, password management, and other relevant topics;
i) Audit and Compliance: Conduct regular audits to verify compliance with the information security policies and applicable laws and regulations. Maintain appropriate audit records and implement corrective actions as necessary;
j) Secure Partnerships: Establish confidentiality and security agreements with business partners, suppliers, and clients to ensure information security is considered in all interactions.
5. Review and Update
This information security policy must be reviewed regularly to ensure its continued relevance and effectiveness. Changes in laws, regulations, and emerging threats should be taken into account to update the policy as needed.
6. Conclusion
Information security is a shared responsibility among all members of the organization. By adopting this policy and following the established security measures, the company protects its information assets and upholds its commitment to the confidentiality, integrity, and availability of data and systems.
