This PSI is based on the recommendations proposed by the ABNT NBR ISO/IEC 27002:2007 standard, recognized worldwide as a code of practice for the management of information security, as well as in accordance with the laws in force in our country.
With the intention of increasing the security of the technological infrastructure directed to internal use and aiming at the orientation of our employees, interns and authorized third parties for the use of the available information technology assets.
Establish guidelines that allow CBL employees to follow standards of behavior related to information security that are appropriate to the business and legal protection needs of the company and the individual.
Guide the definition of specific information security rules and procedures, as well as the implementation of controls and processes for their compliance.
Preserve CBL information regarding:
- Integrity: guarantee that the information is kept in its original state in order to protect it, in custody or transmission, against undue, intentional or accidental changes;
- Confidentiality: guarantee that access to information is obtained only by authorized persons;
- Availability: guarantee that authorized users obtain access to information and corresponding assets whenever necessary.
Just like ethics, security must be understood as a fundamental part of CBL’s internal culture, that is, any security incident is understood as someone acting against ethics and good customs governed by the institution.
This policy makes each employee aware that the company’s environments, systems, computers and networks can be monitored and recorded, with prior information.
It is also the obligation of each employee to keep updated in relation to this PSI and related procedures and standards, seeking guidance from their manager or the Information Technology Sector whenever they are not absolutely sure about the acquisition, use and/or disposal of information .
Units of SP/DA/AR
Units of SP/DA
Units of SP/DA