Information Security Policy
1. Our Purpose
Provide guidance and support for information security in accordance with business requirements, applicable laws, and regulations, thereby contributing to the organization’s financial sustainability.
2. Scope
This “Security Policy” ensures service integrity across all Positivo S+ units, in alignment with the company’s strategies, current legislation, and contractual requirements.
The guidelines outlined here must be followed by all employees, service providers, suppliers, interns, contractors, partners, and clients who handle Positivo S+ information.
Note 01: Exceptions are permitted only when approved by the executive board.
3. Information Security Principles
- Confidentiality: Ensuring information is available or disclosed only to authorized individuals, entities, or processes, maintaining data privacy.
- Integrity: Ensuring the truthfulness, accuracy, and consistency of information, preventing intentional or accidental compromise or alteration.
- Availability: Ensuring information is accessible as needed by authorized individuals, entities, or processes.
4. Guidelines
4.1 People
- All Positivo S+ employees must sign the “Confidentiality Agreement” upon admission or when requested by the company.
- Misuse of company or client information, sharing it with competitors, using it for personal gain, or improperly storing files and emails is strictly
- Authentication credentials (e.g., username and password) are personal and non-transferable, and each user is responsible for their safe use and storage.
4.2 Suppliers and Third Parties
- Any creation, invention, or development of ideas, processes, systems, products, and services during service delivery must be transferred to Positivo S+.
- Misuse of company or client information by service providers, including sharing with competitors or using for personal gain, is
- Service providers with access to Positivo S+ resources must comply with the organization’s policies and confidentiality clauses outlined in their service agreements.
4.3 Assets
- Positivo S+ products or equipment requiring transport must be securely accommodated to ensure physical and logical integrity when applicable.
- Use of personal computers on the corporate network is not permitted unless explicitly authorized by the information security
- The movement of assets within Positivo S+ units must follow internal company procedures.
4.4 Processes
- Critical business processes must be mapped, risk-assessed, and approved by the executive board.
- Process mapping must be reviewed whenever significant changes occur in the environment.
4.5 Risk
- A risk assessment process for information security must identify vulnerabilities, threats, impacts, and acceptable risk levels for assets, people, information, systems, and processes.
- Risk assessments must be reviewed annually or whenever significant changes occur.
4.6 Information
- Access to Positivo S+ or client information is restricted to authorized personnel only.
- Confidentiality clauses agreed upon with clients must be respected by employees and third-party service providers.
- Unauthorized access to systems, applications, or attempts thereof is strictly
- All information created within Positivo S+ or on its behalf belongs to the company, which determines its use and purpose.
- Data storage and backup must follow secure processes validated by the competent team.
- Use of external storage devices (e.g., USB drives, external hard drives) for data transport or storage requires formal authorization.
4.7 Systems and Applications
- Installing unauthorized software (e.g., shareware, freeware) is not allowed unless listed in the approved solutions.
- Security updates and patches must be implemented following established protocols and approved by the IT and security
- All devices capable of running antivirus software must have it installed, updated, and operational.
- Corporate email is for business purposes only, and using it for personal activities, such as online shopping, is prohibited.
- System and application credentials must not be shared, and users are solely responsible for safeguarding their logins and passwords.
4.8 Violation of Policies and Guidelines
Security violations must be reported immediately to the information security team. Investigations will be conducted to determine corrective actions.
Examples of violations:
- Illegal use of software
- Introduction of viruses
- Sharing sensitive business or personal data
- Breaching confidentiality agreements
- Sharing offensive or harmful content
- Other violations specified in the Group Positivo Code of Conduct and applicable laws
4.9 Audit
- All employees and third parties using Positivo S+ technology environments are subject to network, telephony, and application audits.
- Audits will be periodically conducted to ensure compliance with this
- If activities compromising network security are detected, the information security team may inspect user activities, files, and access logs, notifying senior management of any findings.
5. General Provisions
This Information Security Policy is subject to regular updates to ensure alignment with applicable legislation.