VISION COMUNICAÇÃO E MARKETING LTDA., a Limited Liability Company, headquartered at Rua Miguel Sutil, 370, Vila Cordeiro, CEP: 04.583-050, Municipality of São Paulo, State of São Paulo, registered with the CNPJ/MF under No. 03.702.250/0001-61, hereinafter simply referred to as “Vision”, recognizes the importance of acting ethically and transparently, following the best practices of governance and fairness in its business activities, in a manner that is always appropriate to the objectives we set ourselves.
This Information Security Policy (“Security Policy”) explains and explains to you (whether you are a user, collaborator, service provider, employee or member of the management team) the fundamentals, our policies, rules and actions.
Please read it carefully and do not hesitate to contact us if you have any questions.
This Security Policy is a reference guide for the conduct of its employees and the entire management team when carrying out their day-to–day work with clients (public or private), business partners and suppliers.
Recipients:
This Security Policy must be observed by board members, employees, trainees, business partners (consultants, sales agents and the like) and service providers who act on behalf of and/or with Vision. All of these recipients must use the provisions set out in this document as a benchmark for ethics and conduct to be observed in their dealings with Vision and with other companies.
Initial Values:
Information security is a critical aspect of protecting the confidentiality, integrity and availability of an organization’s data. This Security Policy defines the guidelines and procedures that Vision must follow to guarantee information security, which is nothing more than the act of protecting company data (especially confidential data) against various types of threats and risks – espionage, sabotage, incidents involving viruses or malicious code and even accidents such as fire and flooding.
This means that information security is achieved by implementing a range of controls that include routine procedures (such as antivirus checks), hardware and software infrastructure (such as the management of electronic document signing solutions), and the creation of a properly documented policy.
Thus, our Information Security Policy defines rules that dictate access, control and transmission of information inside and outside Vision.
Objectives
– Protect information from unauthorized access.
– Guarantee the confidentiality, integrity and availability of information.
– Ensure that users are aware of and comply with security policies and procedures.
– Prevent and minimize the impact of security incidents.
Responsibilities
– Board of Directors: Approve and support the information security policy.
– IT Manager: Implement and maintain security policies and procedures
– Employees: Comply with security policies and report security incidents.
Security Guidelines
s.1 Access Control
– Authentication: All users must authenticate using unique credentials (username and password).
– Authorization: Access to information must be granted on a need-to-know basis and on the principle of least privilege.
s.2 Data Protection
– Encryption: Sensitive information must be encrypted during storage and transmission.
– Backup: Regular backups should be carried out and stored in secure locations.
– Confidentiality: Confidentiality, in the context of information security, is the guarantee that a given piece of information, source or system is accessible only to those previously authorized to have access.
s.3 Risk management
– Risk Assessment: Carry out risk assessments periodically to identify and mitigate potential threats.
– Business Continuity Plan: Maintain and regularly test a continuity plan to ensure rapid recovery from incidents.
s.4 Monitoring and Auditing
– Access Logs: Monitor and record all access and activity on information systems.
– Audits: Carry out regular audits to ensure compliance with security policies.
s.5 Training and Awareness
– Training programs: All employees must participate in information security training programs.
– Awareness: Carry out periodic awareness campaigns to keep security a constant priority.
s.6 Incident Response
– Response procedures: Define and implement procedures for responding quickly to security incidents.
– Communication: Promptly inform affected parties and competent authorities in the event of a data breach.
Privacy Policy and LGPD
– Compliance: Vision Comunicação must comply with all applicable regulations, including the General Data Protection Act (LGPD).
– Personal Data Protection: Ensure that all personal data is processed in accordance with the principles of the LGPD, protecting the privacy of individuals.
Changes
This policy should be reviewed annually or whenever there are significant changes to information systems or the threat environment, and the current version will always be available on the website for your consultation.
Contacting us
If you have any complaints, questions and/or comments about this Information Security Policy or the way in which we deal with issues related to it, you can contact us at [email protected].
We will respond within a reasonable time and in accordance with applicable legislation.
Validity and Application
This Information Security Policy comes into force from the date of its publication and is valid for an indefinite period.
Adherence to this Information Security Policy is essential to protect Vision’s information assets and ensure the trust of our customers, partners and employees.
Applicable Law and Venue
This Information Security Policy is written in Portuguese and governed and interpreted in accordance with the laws of the Federative Republic of Brazil (Brazilian law will be the only applicable law), and the Court of the District of São Paulo, State of São Paulo, is hereby exclusively elected to settle any doubts and/or controversies arising from it, to the exclusion of any other, however privileged.
You can always count on us and consult this Information Security Policy whenever you need to.
Date of last update of these Policies:
Created: 12/06/2024
Last revision: 17/06/2024
Agência VisionVision Agency
social vision