Information Security Policy

1. Objective

To provide guidance and support for information security in accordance with business requirements and the relevant laws and regulations, thus contributing to the organization’s financial sustainability.

2. Scope

This “Security Policy” maintains the integrity of service provision at all Algar Tech units in accordance with company strategies, current legislation and contractual requirements.

The guidelines established here must be followed by all associates, service providers, suppliers, interns, contractors, partners, and customers who use Algar Tech information.

Note 01: Exceptions are permitted only when approved by the executive board.

3. Information Security Principles

Confidentiality: ensuring that information is made available or disclosed only to authorized individuals, entities, or processes, maintaining the secrecy of the data.

Integrity: ensuring the truthfulness, accuracy, and consistency of information, so that it is not compromised or altered, whether intentionally or accidentally.

Availability: ensuring that information is always accessible when needed on demand by authorized individuals, entities, or processes.

4. Guidelines

4.1. People

Algar Tech Associates

  • Every associate must sign the “Confidentiality Agreement” upon admission or whenever requested by the company.
  • It is prohibited for any associate to misuse company and/or client information, transmit it to competitors, use it for personal gain, and/or improperly store files and emails.
  • Any authentication ID (username and password) on the corporate network or in applications provided by Algar Tech is personal and non-transferable. Each user is responsible for storing and using it.

Suppliers and Third Parties

  • All creations, inventions, and developments of ideas, processes, systems, products, and services carried out during service provision at Algar Tech must be transferred to the company.
  • It is prohibited for any service provider to misuse company and client information, transmit it to competitors, use it for personal gain, and/or improperly store files and emails.
  • By receiving access to any resource of Algar Tech, the service provider will be subject to the company’s internal policies and guidelines and all criteria established in the confidentiality clauses available in the service contract signed at the time of hiring.

4.2. Assets

  • Any product or equipment from Algar Tech that needs to be transported must be securely stored, ensuring its physical and logical integrity when applicable.
  • Personal computers are not allowed on the corporate network, except where previously authorized by the information security area.
  • The entry, movement, and exit of assets from Algar Tech units must follow the company’s internal procedures.

4.3. Processes

  • The company must map all business-critical processes and conduct a risk assessment with controls and treatments. These must be known, approved and accepted by the management board.
  • The mapping of critical processes should be reviewed whenever impactful changes occur in the environment.

4.4. Risks

  • The company must define and apply a risk assessment process for existing information security processes and technologies. Its results must be comparable and reproducible, contributing to the Corporate Risk Map.
  • The risk assessment must identify vulnerabilities, threats, impacts, and acceptable risk levels for assets, people, information, systems, applications, and the mapping of key business processes according to the company’s strategies, applicable laws, and contractual requirements.
  • The risk assessment must be reviewed at least once a year or whenever impactful changes occur in the environment.

4.5. Information

  • Access to Algar Tech or its clients’ information within its business and computing environment is restricted and will only be available to individuals formally authorized for such access.
  • All confidentiality clauses agreed upon with clients regarding their information must be respected by Algar Tech associates or third parties who may have access to such information.
  • It is strictly prohibited for any user without formal authorization to access any systems and applications, or even to attempt access.
  • Any and all information generated within Algar Tech or on its behalf, which results from the work of associates, suppliers, or service providers, belongs to Algar Tech, and only it can determine its destination and purpose.
  • Any creation, invention, or development of ideas, processes, systems, products, and services created within the scope of work or the responsibilities and mission of the associate’s role in the company must be transferred to Algar Tech.
  • The disclosure of any company or client information to individuals not part of the same workgroup, in public communication channels (including photos/videos on social media), or internal media, without prior authorization or in the absence of a signed Confidentiality and Responsibility Agreement, is strictly prohibited, except in cases explicitly covered by the contract.
  • Information generated within the organization must be stored in a backup process with restore guarantees in a secure location validated by the responsible team.
  • The use of USB drives, external hard drives, or any other type of removable storage device for the transport or storage of data is prohibited. Exceptions must be formally authorized by the information security department.
  • At the end of the contractual relationship with the client or service provider, any information stored on Algar Tech’s equipment must be deleted or transferred to the client as provided in the contract.
  • At the end of the employment or contractual relationship, associates and/or service providers who had access to equipment or storage media must eliminate any physical and/or logical traces of information generated or acquired within Algar Tech.

4.6. Systems and Applications

  • The installation of any software that has not been approved by Algar Tech is not permitted.
  • All updates and security patches must be implemented according to the rules of each application and must be approved by the security and information technology team.
  • All equipment (servers, desktops, notebooks, etc.) that allows the installation of antivirus software must have it installed and updated online. The user may not disable or uninstall it.
  • Algar Tech’s corporate email should be used exclusively for company-related matters, as the information stored or transmitted is the property of the organization. It is the user’s responsibility to ensure proper classification and handling of the information according to the organization’s procedures.
  • The use of corporate email for personal purposes, registration on shopping websites, or other forms is not allowed.
  • No access to Algar Tech’s or its clients’ systems and applications may be shared. The associate owning the user account is solely responsible for maintaining the confidentiality of their login credentials, network user, internet access, work files, and other Algar Tech applications.
  • The use of instant messaging tools not approved by the security and technology team is prohibited, except in cases where their use is proven effective for the activities performed by the associate or client.
  • The transfer of files via any instant messaging tools and file-sharing is prohibited, except for authorized exceptions and/or approved and authorized tools.

4.7. Violations of Policies and Guidelines

Security violations must be reported to the Information Security area immediately. Any violation or deviation must be investigated in order to determine the necessary measures to correct the failure or restructure processes.

The following are considered security breaches:

  • Illegal use of software;
  • Introduction (intentional or not) of computer viruses;
  • Sharing of sensitive business information;
  • Sharing personal data;
  • Undue exposure of data related to contracts and clients;
  • Breach of confidentiality of confidential information and/or sensitive data;
  • Disclosure of client information and contracted operations;
  • Sharing of adult, discriminatory, offensive, defamatory, abusive, pornographic, obscene, or violent content, and any other content that may cause, incite or promote attitudes that imply a violation of privacy, intellectual and industrial property;
  • Other violations provided for in the Algar Group Code of Conduct, the Algar Group Information Security Policy and current legislation.

The security principles established in this policy are fully supported by the presidency and board of Algar Tech and must be followed by all employees while executing their duties.

4.8. Audits

  • All associates, as well as third parties using Algar Tech’s technological environment, are subject to network, telephony, and application usage audits.
  • Auditing and monitoring procedures will be carried out periodically by the information security department or contracted companies, aiming to observe compliance with the guidelines established in this policy by users and to manage network performance.
  • If there is evidence of activities that may compromise network security, the information security department is allowed to audit and monitor a user’s activities, as well as inspect their files and access logs. This will be immediately reported to top management.

General provisions

This Information Security Policy is subject to regular changes to ensure that it is up to date in accordance with applicable legislation.
