Introduction
WebPeak recognizes the importance of protecting corporate information according to its value, criticality and sensitivity. To ensure that information is properly protected, it is essential that it is classified in a systematic and consistent manner. This policy defines the information classification process at WebPeak, ensuring that information is treated according to its legal requirements, value to the business, and the need to protect against modification or unauthorized disclosure.
Objective
The purpose of this policy is to establish clear guidelines for the classification of WebPeak's information in order to ensure that the information is adequately protected against the risks of unauthorized modification, disclosure, access or destruction. The policy aims to ensure compliance with legal, regulatory and contractual requirements, as well as preserving the integrity and confidentiality of corporate information.
Scope
This policy applies to all information generated, processed, stored or transmitted by WebPeak. It includes, but is not limited to:
Information Classification Guidelines
Classification categories
WebPeak information will be classified into one of the following categories, based on its value, sensitivity and legal requirements:
The classification of information will be based on the following criteria:
Labelingand Information Processing
All classified information must be labeled according to its classification category. The label must be clearly indicated on physical and electronic documents, databases and IT systems. The information must be handled according to the guidelines established for each category, ensuring that appropriate security measures are applied, such as encryption, access control and monitoring.
Reviewing and Updating the Classification
The classification of information must be reviewed periodically, or whenever there are significant changes in its value, criticality or legal requirements. The review can be initiated by requests from information owners or by internal information security audits.
Responsibilities
Training and Awareness
All WebPeak employees will receive training on the importance of information classification and their responsibilities for the secure handling of information in accordance with the policy. Ongoing awareness programs will be carried out to ensure compliance with classification practices.
Policy Review
This policy will be reviewed annually or whenever there are significant changes in the company's operations, legal requirements or the threat environment. Any revisions will be approved by senior management and communicated to all relevant employees.
Approved by
Marcos Vinicius Custódio
Legal Responsible