ISO/IEC 27001 is the standard that defines the requirements for an Information Security Management System (ISMS). Its general principle is the adoption of a set of requirements, processes and controls to mitigate and adequately manage the risks to which organizations are subjected.

ADVANTAGES OF THE CERTIFICATION:
- Reduction of the impact and occurrence of risks;
- Increased reliability in relation to the company;
- Organization and preparation for future changes (optimized management);
- Improvement of the internal organization;
- Compliance with legal standards;
- Competitiveness.

The understanding of personal data privacy in Brazil has changed since Law 13.709/2018, the LGPD. With the entry into force of the General Personal Data Protection Law in August 2020, companies and institutions need to be prepared for the new legislation. Personal data (name, documents, photos, consumption habits, etc.) now have specific protection, with concrete definitions of obligations and rights of owners and companies. The LGPD covers any and all operations that involve the archiving, processing, storage, capture, use, reproduction and transfer of personal data.

The Health Insurance Portability and Accountability Act (HIPAA) was introduced in 1996 and is a set of guidelines that healthcare organizations are required to follow to protect their internal digital information. HIPAA gained great importance once crimes of hijacking systems and stealing customer data began to affect the profits of health institutions. With STWBrasil Audit and Information Security Consultancy, we can attest that hospitals or health clinics are able to reactively and proactively monitor access to their data, ensuring that all users in the organization are fully monitored and providing security for their systems. Monitoring, detailed logs and complete reports work together to provide all the information the organization needs to carry out assessments of its systems and infrastructure. Auditors have immediate access to any event that requires further investigation.

The credit card and payment industry is one of the most important in the world, moving millions daily in Brazil alone. A financial volume of this magnitude becomes a target for fraud and theft. To protect themselves from threats and ensure security for their customers, these companies must meet the requirements of PCI Compliance - PCI DSS, one of the largest security certifications in the world.

ELABORATION OF A CYBERSECURITY POLICY | RESOLUTION NO. 4,658

The policy must be compatible with the size of the institution and the complexity of its operations. It must ensure the confidentiality, integrity and availability of data and systems handled by financial institutions. It must cover:
- The institution's cybersecurity objectives;
- Procedures and controls adopted to reduce vulnerability to incidents;
- Specific controls that ensure the security of sensitive information;
- Recording and analyzing the causes and impacts of incidents for the institution's activities;

A leader in its segment and respected by company audits throughout Brazil, the Information Security Audit and Consultancy division has in its structure specialists who create personalized criteria, specially designed to meet specific information security needs.