Segura®: A Name You Can Trust

Segura® adopts a robust and multidisciplinary approach to protecting its customers' data, aligned with industry best practices and major regulations such as LGPD, GDPR, ISO 27001, and ISO 27701.

We implement strict technical and organizational measures, including:

🔐 Multi-factor authentication and access management for identity control.

🔒 Encryption of sensitive data.

🛠 System hardening based on frameworks such as NIST and CIS, reviewed periodically.

🧪 Penetration tests and continuous vulnerability management to identify and mitigate risks, with emphasis on our role as a member of the CVE (Common Vulnerabilities and Exposures) community, actively contributing to the responsible disclosure of vulnerabilities.

📦 DLP, DRP, and BCP policies reviewed annually to ensure data loss prevention, recovery, and business continuity.

🛡 Up-to-date antivirus solutions with appropriate protection policies.

🌐 Logical network segmentation, separating environments by function and sensitivity.

💾 Regularly tested backups.

🔥 Firewalls and monitoring systems with intrusion detection, automatic blocking, and real-time alerts.

📋 Security policies and procedures reviewed annually, with internal and external audits to ensure ongoing compliance.

In addition, our production environment operates with high availability and disaster recovery practices, ensuring both data integrity and service continuity.

Our commitment is to transparency, privacy, and the trust of every customer.

● LGPD
● ISO 27001
● ISO 27701
● CCPA
● GDPR
● SOC 2 Type II
● SOC 3 Type II

Privacy Policies and Procedures:
We have established robust policies and procedures that comply with key data privacy regulations, including LGPD, GDPR, and CCPA. These guidelines ensure transparency, legality, and respect for data subjects' rights. Additionally, we offer a direct communication channel for data subjects to exercise their rights of access, rectification, and deletion as mandated by law.

Designation of Data Protection Officer (DPO) and Communication Channel:
We have appointed a Data Protection Officer (DPO) to oversee compliance with privacy and security regulations. The DPO acts as the focal point for data protection issues and coordinates compliance activities. We have established a specific channel for privacy and data protection issues to ensure effective responses to queries and requests from data subjects.

Risk Assessment and Treatment:
We have implemented a thorough risk assessment process that includes identifying, evaluating, and addressing information security risks. This enables us to recognize potential threats and implement measures to protect user data.

Access Control and Data Encryption:
We have implemented sophisticated access control mechanisms to comply with strict ISO and SOC standards, ensuring that only authorized users have access to personal data. In addition, we have adopted advanced encryption techniques to protect the confidentiality and integrity of information during storage and transmission, significantly reducing the risk of unauthorized access. These additional measures further strengthen our information security, ensuring effective protection of sensitive data.

Information Security Policies and Employee Awareness:
We have developed comprehensive information security policies based on internationally recognized principles, such as ISO and NIST, that cover several essential aspects of data protection.

Internal Training:
We carry out regular awareness and training activities for all employees to provide information on the best security practices and procedures.

Penetration Testing:
We regularly conduct thorough internal and external penetration tests to identify and address any potential vulnerabilities in our systems and networks. This ensures that our security infrastructure is strong and resilient. Any vulnerabilities discovered during testing are promptly patched to safeguard user data and enhance the organization's security.

Supplier Evaluation:
Before entering into partnerships with suppliers, we conduct a comprehensive assessment of their information security practices and ensure compliance with data protection laws. We verify that they adhere to high security and privacy standards to safeguard user data.

Continuous Monitoring:
We not only evaluate suppliers before establishing partnerships, but we also carry out continuous monitoring throughout the collaboration period. This allows us to ensure that providers maintain high security and privacy standards over time. Any deviations are promptly identified and addressed to mitigate any potential risk to users' data.

We adopt a rigorous auditing process involving renowned external companies, which conduct audits on Segura® multiple times a year and perform internal audits annually. This approach ensures we maintain the highest compliance, security, and privacy levels.

Segura® helps its clients obtain various compliance certifications. Below are some of the certifications we can assist in achieving:
- ISO/IEC 27001: This international standard for information security management systems (ISMS) emphasizes the importance of controlling privileged access to protect sensitive information.
- PCI DSS (Payment Card Industry Data Security Standard): Requires strict controls over privileged access to protect payment card data.
- SOX (Sarbanes-Oxley Act): Regulation for public companies in the US that mandates robust controls over privileged access to ensure the integrity of financial information.
- HIPAA (Health Insurance Portability and Accountability Act): Requires stringent control over privileged access to protect health data in organizations in the US.
- NIST SP 800-53: A set of information security standards for US government systems that recommends managing privileged access as a critical security measure.

Implementing the Segura® solution ensures that privileged access is adequately monitored and controlled.
For more information, you can consult our Whitepapers.

Segura® complies with data privacy regulations such as GDPR, CCPA, and LGPD. Additionally, we offer a portal where data subjects can request various actions related to their data. The portal is available in both PT-BR and EN-US.

Segura® conducts attack simulations and penetration tests regularly to verify the effectiveness of its security controls. These pentests are carried out internally and externally several times a year, ensuring a thorough and impartial evaluation of our security.

Our Compliance department is continuously dedicated to analyzing the best certifications in the market, ensuring they remain relevant and aligned with the latest security practices. In addition to seeking and obtaining these certifications, we stay at the forefront of security. We conduct annual audits for each accreditation, ensuring we are always up-to-date and compliant with the most stringent standards.

Our certifications offer several benefits to Segura®'s clients, including:

- Reliability: They demonstrate our commitment to industry best practices, ensuring that senhasegura is reliable.
- Security: They guarantee that we implement rigorous measures to protect the environment, providing high security for our products and our company.
- Data Protection: They demonstrate our dedication to protecting data subjects' information, reinforcing our commitment to privacy and regulatory compliance, which are essential for ensuring digital sovereignty and user trust in our services.
These certifications testify to our ongoing commitment to excellence and security.