Information Security Management System (ISMS)

The objective of certifying ourselves is to ensure that our technological products and their base processes comply with the security standard with an emphasis on risk mitigation and increase the security of information, internal information or that of our clients and thus generate greater confidence from our clients in the use of our platforms.

ISO 27001 is an international standard for securing and protecting physical and digital information. It provides a series of requirements for managing a company’s information security.

ISO 27001 focuses on adopting an Information Security Management System (ISMS).

ISO 27001 takes a process approach, which means that its controls ensure that business operations add value and are always done safely.

Benefits of becoming certified

Commercial

• Obtain new business and retain customers
• Improve customer trust in our services and data
• Avoid financial losses and penalties associated with data breaches
• Protect and enhance the organization’s reputation
• Comply with business, legal, contractual, and regulatory requirements

Corporate

• Allows structuring the management system
• Reduce the risk of having a security incident
• Allows to assure clients that all applicable legislation is complied with
• Facilitates approval as suppliers

Processes

The ISMS was designed based on the construction processes of the technological solutions offered by the company.

Did you know…?

ALTO S.A. has defined the scope of the Information Security Management System, in accordance with the international standard ISO 27001:2013, as follows:

“Building, maintenance, and operation processes of SaaS technological solutions that support asset protection by managing operational risks related to fraud and theft, according to the statement of applicability in force on the date of issuance of the certificate.”

The Information Security Officer is the person responsible for planning, coordinating, and managing security processes in an organization? For our company, this responsibility belongs to Sandra Barbosa!

We have a policy of guaranteeing the security of information based on its integrity, availability, and confidentiality.

We also have 2024 objectives that will help us to comply with information security. 

We also have 2022 objectives and 2023 objectives that will help us comply with information security.

The policies that support the ISMS are described in the information security manual.

In 2023 we obtained ISO/IEC 27001:2013 certification.

This information is in Spanish, if you require translation you must submit the request at the following link: https://soporte-ti.atlassian.net/servicedesk/customer/portal/14/group/83/create/868

Information security controls

As a conclusion, we will leave a summary video in which the above mentioned is addressed.

More information This information is in Spanish, if you require translation you must submit the request at the following link: https://soporte-ti.atlassian.net/servicedesk/customer/portal/14/group/83/create/868