{"id":639,"date":"2025-01-22T17:00:15","date_gmt":"2025-01-22T17:00:15","guid":{"rendered":"http:\/\/10.11.153.111:8082\/?page_id=639"},"modified":"2025-01-22T17:01:13","modified_gmt":"2025-01-22T17:01:13","slug":"politica-de-seguranca-da-informacao","status":"publish","type":"page","link":"https:\/\/care-business.com\/en\/politica-de-seguranca-da-informacao\/","title":{"rendered":"Information Security Policy"},"content":{"rendered":"
\n\t\t\t\t
\n\t\t
\n\t\t\t\t\t
\n\t\t
\n\t\t
\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Information Security and Privacy Policy<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t
\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

INFORMATION SECURITY AND PRIVACY POLICY<\/p>

1. OBJECTIVE
CARE establishes its Information Security and Privacy Policy as an integral part of its
corporate management system, aligned with good market practices and international standards
accepted and the relevant Brazilian legislation, with the aim of guaranteeing adequate levels of protection to
information and personal data operated by the organization, its customers and employees under its control
responsibility.<\/p>

2. PURPOSE<\/p>

\u2022 This policy aims to:
\u2022 Establish Information Security and Privacy guidelines and standards that allow
CARE employees adopt safe behavior standards;
\u2022 Provide guidance on the adoption of controls and processes to meet Security requirements
Information and Privacy of Personal Data;
\u2022 Safeguard CARE information, ensuring basic confidentiality requirements,
integrity and availability;
\u2022 Prevent possible incidents and legal liability involving the institution, employees,
customers, suppliers and partners;
\u2022 Minimize the risks of financial losses, market losses, customer confidence losses or other impacts
negative impact on CARE's business as a result of security breaches.<\/p>

3. POLICY
This policy applies to all CARE employees, suppliers and partners who have access
to CARE's personal information and data and\/or make use of computing resources included in the
internal infrastructure.<\/p>

3.1. It is CARE's Policy:
\u2022 Develop, implement and fully follow security policies, standards and procedures
of information, ensuring that the basic requirements of confidentiality, integrity and
availability of information and personal data operated at CARE are achieved through
the adoption of controls against threats from both external and internal sources
internal;
\u2022 Make security policies, standards and procedures available to all interested parties
and authorized parties, such as: Employees, contracted third parties, suppliers and, where
relevant, customers.
\u2022 Ensure education and awareness about information security practices and
data privacy adopted by CARE for Employees, contracted third parties,
suppliers and, where relevant, customers.
\u2022 Fully meet information security and data privacy requirements
applicable personal data or required by regulations, laws and\/or contractual clauses;<\/p>

\u2022 Fully handle information security incidents and data privacy
personal data, ensuring that they are properly recorded, classified, investigated,
corrected, documented and, where necessary, communicating to the appropriate authorities;
\u2022 Ensure business continuity through adoption, deployment, testing and improvement
continuous continuity and disaster recovery plans;
\u2022 Continuously improve Information Security and Privacy Management through
definition and systematic review of security objectives at all levels of the organization.<\/p>

4. ROLES AND RESPONSIBILITIES
4.1. Information Security Steering Committee \u2013 CGSI
The Information Security Management Committee \u2013 CGSI is hereby established, with the participation of,
at least one Technology Director, one Information Technology Manager and at least two
members with knowledge in information technology, both with infrastructure support and
with systems.
4.2. It is the responsibility of the CGSI:
\u2022 Analyze, review and propose the approval of security-related policies and standards
of information;
\u2022 Ensure the availability of the resources necessary for effective Management of
Information Security;
\u2022 Ensure that information security and data privacy activities are
executed in accordance with the PSIP;
\u2022 Promote the dissemination of PSIP and take the necessary actions to disseminate a
culture of information security and privacy of personal data in the environment
CARE<\/p>

5. PRINCIPLES OF USE OF AI
All AI solutions must be designed and implemented with robust mechanisms for
security to protect data against unauthorized access, leaks, and improper modifications
and other types of cyberattacks. AI models must be trained and validated in such a way that
minimize risks to the integrity and confidentiality of information.<\/p>

The use of AI must be carried out in compliance with current data protection legislation, such as
the General Data Protection Law (LGPD) and the General Data Protection Regulation (GDPR), when
applicable. The processing of personal data by AI must be done transparently, ensuring
the appropriate consent of data subjects, whenever necessary.<\/p>

6. CLASSIFICATION AND TREATMENT OF INCIDENTS
Every information security incident must be classified according to its criticality and impact,
and handled in accordance with established procedures. Reporting critical incidents
must be immediately reported to the CGSI, and containment and mitigation actions must be initiated immediately.<\/p>

7. SANCTIONS AND PUNISHMENTS<\/p>

Violations of this policy or other security standards, even by omission, will be subject to
penalties ranging from verbal warnings to dismissal for just cause for CLT employees,
and immediate termination of contracts for third parties or suppliers. The CGSI is responsible for analyzing
each infraction and decide on the punishments.<\/p>

In cases of violation that involve illegal activities or damage to the organization, the offender will be
held accountable and subject to appropriate legal action. The application of sanctions and punishments will be carried out
according to the analysis of the Information Security Management Committee, and the
severity of the infraction, effect achieved and recurrence, and the CGSI may pass on the information of
infraction to the immediate Manager who will apply the penalty when the serious offense is identified.<\/p>

In the case of third-party contractors or service providers, the CGSI must analyze the occurrence and
deliberate on the implementation of sanctions and punishments in accordance with the terms set out in the contract;<\/p>

In the case of violations that involve illegal activities, or that may result in damage to
Organization, the offender will be held responsible for the damages, and the measures will be applied
relevant judicial decisions.<\/p>

6. OMISSIONS
Omitted cases will be evaluated by the Information Security Management Committee for later
deliberation.
The guidelines established in this policy and in other security standards and procedures do not apply to
are exhausted due to continuous technological evolution and the constant emergence of new threats. This
form, it does not constitute an enumerative list, and it is the obligation of the user of CARE information to adopt,
whenever possible, other security measures in addition to those provided here, with the aim of guaranteeing
protection of personal information and data.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t
<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"

Pol\u00edtica de Seguran\u00e7a da Informa\u00e7\u00e3o e Privacidade POL\u00cdTICA DE SEGURAN\u00c7A DA INFORMA\u00c7\u00c3O E PRIVACIDADE 1. OBJETIVOA CARE estabelece sua Pol\u00edtica de Seguran\u00e7a da Informa\u00e7\u00e3o e Privacidade, como parte integrante do seusistema de gest\u00e3o corporativo, alinhada \u00e0s boas pr\u00e1ticas do mercado, \u00e0 normas internacionalmenteaceitas e a legisla\u00e7\u00e3o brasileira pertinente, com o objetivo de garantir n\u00edveis adequados […]<\/p>","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"elementor_header_footer","meta":{"footnotes":""},"class_list":["post-639","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/care-business.com\/en\/wp-json\/wp\/v2\/pages\/639","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/care-business.com\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/care-business.com\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/care-business.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/care-business.com\/en\/wp-json\/wp\/v2\/comments?post=639"}],"version-history":[{"count":4,"href":"https:\/\/care-business.com\/en\/wp-json\/wp\/v2\/pages\/639\/revisions"}],"predecessor-version":[{"id":643,"href":"https:\/\/care-business.com\/en\/wp-json\/wp\/v2\/pages\/639\/revisions\/643"}],"wp:attachment":[{"href":"https:\/\/care-business.com\/en\/wp-json\/wp\/v2\/media?parent=639"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}