Menu

General Information Security Policy

General Information Security Policy

General Information Security Policy

Through this policy,GIF Assessoria LTDA (hereinafter known as “GIF”) aims to:

⦁   Establish Information Security guidelines and standards that allow the adoption of secure behavior standards, suitable to the organization’s targets and needs;

⦁   Provide guidance on the adoption of controls and processes to meet Information Security requirements;

⦁   Safeguard GIF’s information, ensuring basic requirements of confidentiality, integrity, and availability;

⦁   Prevent possible causes of incidents and legal liability of the institution and its employees, clients, suppliers, and partners;

⦁   Minimize the risks of financial loss, market share, customer trust, or any other negative impact on GIF’s business as a result of security breaches.

It is GIF’s policy to:

⦁   Develop, implement, and thoroughly follow all Information Security policies, standards, and procedures, ensuring that the basic requirements of confidentiality, integrity, and availability of the organization’s information are met, by adopting controls against threats from external and internal sources;

⦁   Make security policies, standards, and procedures available to all stakeholders and authorized parties, such as: employees, third-party contractors, suppliers, and – where relevant – clients;

⦁   Ensure education and awareness about the Information Security practices adopted by GIF for employees, third-party contractors, suppliers, and –where relevant – clients;

⦁   Fully comply with all Information Security requirements applicable or required by regulations, laws, and/or contractual clauses;

⦁   Fully address all Information Security incidents, ensuring that they are appropriately recorded, rated, investigated, corrected, and documented, reporting them to the appropriate authorities whenever necessary;

⦁   Ensure business continuity through the adoption, implementation, testing and continuous improvement of continuity and disaster recovery plans;

⦁   Continuously improve Information Security Management by defining and systematic reviewing security objectives at all levels of the organization.

Sanctions

Failure to comply with this policy, or any other security standards and procedures, is considered a serious offense that will be analyzed internally; appropriate penalties will be decided upon jointly with the Executive Board. The application of sanctions and punishments must take into account the seriousness of the offense, the effect(s) resulting therefrom, and recurrence. In the case of violations that involve unlawful activities or those that may cause damage to the organization, the offender shall be held liable for the losses, with the application of the relevant legal measures.

General Provisions

The guidelines established in this policy and in other security standards and procedures are not exhausted due to continuous technological evolution and the constant emergence of new threats. Therefore, an enumerative list is not established in this policy, and it is the obligation of the user of GIF’s information to adopt, whenever possible, other security measures in addition to those provided for herein, with the aim of ensuring protection of GIF’s information.

This Policy is aligned with other GIF policies and was approved by the Executive Board.

GIF undertakes to review this policy whenever necessary.

General Information Security Policy

Through this policy,GIF Assessoria LTDA (hereinafter known as “GIF”) aims to:
⦁   Establish Information Security guidelines and standards that allow the adoption of secure behavior standards, suitable to the organization’s targets and needs;
⦁   Provide guidance on the adoption of controls and processes to meet Information Security requirements;
⦁   Safeguard GIF’s information, ensuring basic requirements of confidentiality, integrity, and availability;
⦁   Prevent possible causes of incidents and legal liability of the institution and its employees, clients, suppliers, and partners;
⦁   Minimize the risks of financial loss, market share, customer trust, or any other negative impact on GIF’s business as a result of security breaches.

It is GIF’s policy to:

⦁   Develop, implement, and thoroughly follow all Information Security policies, standards, and procedures, ensuring that the basic requirements of confidentiality, integrity, and availability of the organization’s information are met, by adopting controls against threats from external and internal sources;

⦁   Make security policies, standards, and procedures available to all stakeholders and authorized parties, such as: employees, third-party contractors, suppliers, and – where relevant – clients;

⦁   Ensure education and awareness about the Information Security practices adopted by GIF for employees, third-party contractors, suppliers, and –where relevant – clients;

⦁   Fully comply with all Information Security requirements applicable or required by regulations, laws, and/or contractual clauses;

⦁   Fully address all Information Security incidents, ensuring that they are appropriately recorded, rated, investigated, corrected, and documented, reporting them to the appropriate authorities whenever necessary;

⦁   Ensure business continuity through the adoption, implementation, testing and continuous improvement of continuity and disaster recovery plans;

⦁   Continuously improve Information Security Management by defining and systematic reviewing security objectives at all levels of the organization.

Sanctions
Failure to comply with this policy, or any other security standards and procedures, is considered a serious offense that will be analyzed internally; appropriate penalties will be decided upon jointly with the Executive Board. The application of sanctions and punishments must take into account the seriousness of the offense, the effect(s) resulting therefrom, and recurrence. In the case of violations that involve unlawful activities or those that may cause damage to the organization, the offender shall be held liable for the losses, with the application of the relevant legal measures.

General Provisions
The guidelines established in this policy and in other security standards and procedures are not exhausted due to continuous technological evolution and the constant emergence of new threats. Therefore, an enumerative list is not established in this policy, and it is the obligation of the user of GIF’s information to adopt, whenever possible, other security measures in addition to those provided for herein, with the aim of ensuring protection of GIF’s information.

This Policy is aligned with other GIF policies and was approved by the Executive Board.

GIF undertakes to review this policy whenever necessary.