top of page
Olá.png
INFORMATION SECURITY POLICY
THE IMPORTANCE OF INFORMATION SECURITY

Information is a valuable asset, and we are committed to safeguarding the security of the information under our responsibility, ensuring that no threats affect our customers or our company. To this end, this policy establishes a series of basic guidelines that seek to ensure the confidentiality, availability, and integrity of information in our business.

COVERAGE

This Policy applies to all employees, logical environments and physical structures of VERUS BRASIL, in order to meet the organization's strategic business objectives.

RESPONSIBILITIES AND COMMITMENT

VERUS BRASIL management and its employees are committed to ensuring the security of the information under their responsibility and within their reach.

VERUS BRASIL, as an organization, is committed to complying with applicable laws and regulations, as well as contractual clauses with clients and partners regarding Confidentiality and Information Security.

Failure to comply with the terms of this policy and its guidelines by VERUS BRASIL employees may result in contractually stipulated sanctions.

BASIC GUIDELINES

1.LOGICAL ACCESS:

The login for accessing the Verus Brasil environment and the client environment is personal and non-transferable. The password must be at least 8 characters long, combining numbers, letters, and symbols.

2. DATA PROTECTION:

The firewall system is responsible for preventing hacker intrusion and monitoring/blocking all malicious traffic on devices accessing the Verus and client environments. Antivirus software should always be kept up to date with the latest version.

3. INFORMATION CLASSIFICATION:

All information related to Verus Brasil's operations, whether of internal or external origin (with special attention to that involving our clients), is classified as confidential, and its disclosure or publication is prohibited without due authorization from the competent authority.

4. USE OF SOFTWARE:

All software products used to perform tasks must be of the appropriate version and have an official license for use from the manufacturer.

5. SECURITY INCIDENT:

When an incident occurs, it should be reported to your immediate manager as soon as possible and to the VERUS BRASIL Data Processing Officer by email at lgpd@verusbrasil.com.br or by phone at +55 (11) 3515-7400 / 3515-7411.

Examples of security incidents include:

6. REMOTE WORK:

Employees who are working remotely must use a suitable physical environment (means of communication and equipment) to prevent information leaks, whether through media, virtual meeting applications, or other sound and image communication methods (i.e., WhatsApp, Telegram, and similar).

7. PROTECTED SCREEN:

When leaving your workstation, the user must lock the screen/section in order to prevent unauthorized access.

8. CLEAN DESK:

Remove papers, notes, and reminders from work desks when leaving the premises; discard or store media containing Verus and client information in an appropriate location.

9. DEACTIVATION AND DISPOSAL OF IT ASSETS:

Assets that reach the end of their life cycle must have all data, confidential or otherwise, removed and/or destroyed. Asset disposal must follow VERUS BRASIL's Sustainability Policy guidelines and comply with applicable environmental and regulatory standards.

  • Data leaks;

  • Data hijacking (ransomware);

  • Unauthorized access to data stored in information systems;

  • Stolen or compromised credentials;

  • Loss or theft of documents or data storage devices;

  • Prolonged unavailability of a system used by a network;

  • Use of corporate email for spam or personal business promotion;

  • Installation of unauthorized software.

V3 - Updated March 2025

bottom of page