Information Security Policy

Policy date: 9/8/2024

Introduction

WebPeak is committed to ensuring the protection of critical information and systems used in the conduct of its operations. This Information Security Policy defines the security controls we apply to protect information assets from internal and external threats, ensuring the confidentiality, integrity and availability of data. Our policy is in line with best security practices and international standards such as ISO 27001.

Objective

The purpose of this policy is to establish clear guidelines for the implementation and management of security controls at WebPeak. The policy aims to protect information systems, sensitive data and the IT infrastructure from unauthorized access, cyber attacks, and other threats that could compromise the company's security.

Scope

This policy applies to all WebPeak employees, third parties, partners and suppliers who have access to the company's information systems, networks and data. It includes all devices, software, network infrastructure and data controlled by WebPeak.

Security Controls Implemented

Use of Licensed Software

WebPeak only uses licensed and approved software to ensure legal compliance and the security of information systems. The use of pirated or unauthorized software is strictly prohibited, and all software installed on corporate devices is regularly audited to ensure its legality and security.

Secure access via VPN

To guarantee the security of remote access to corporate systems, all access to WebPeak's network is carried out exclusively via a secure Virtual Private Network (VPN). The VPN uses robust encryption to protect data in transit, ensuring that only authorized users can access company resources remotely.

Endpoint Management with ManageEngine Endpoint Central

WebPeak uses ManageEngine Endpoint Central for centralized management of all endpoint devices. This tool enables continuous monitoring, the application of security patches, and configuration management, ensuring that all devices are protected and updated against vulnerabilities.

Malware protection with Sophos Endpoint

All WebPeak corporate devices are protected by Sophos Endpoint, an advanced antivirus solution that detects and blocks malware, ransomware and other cyber threats. Sophos Endpoint offers real-time protection and is centrally managed to ensure that all devices are always protected.

Access Policies and Network Security with Sophos UTM Firewall

WebPeak implements Sophos UTM Firewall both in its office and in its data center to manage internet access policies, ensure secure connections and prevent cyber attacks. The firewall provides a layer of protection against intrusions, DDoS attacks, and other network threats, ensuring that network traffic is effectively monitored and controlled.

Secure Wi-Fi with Active Directory Authentication

Access to WebPeak's corporate Wi-Fi network is protected by secure authentication via Active Directory. Only authorized devices and users can connect to the Wi-Fi network, ensuring that access is restricted and monitored. Authentication via Active Directory ensures that access credentials are managed centrally and securely.

Unified passwords with SSO using ManageEngine ADSelfService Plus

To simplify and strengthen password management, WebPeak uses ManageEngine ADSelfService Plus to implement Single Sign-On (SSO) in its systems. This allows employees to use a single password to access multiple corporate services and systems, increasing security and facilitating access management. Passwords are managed centrally, with requirements for complexity and periodic change, in accordance with the company's security policies.

Security Monitoring and Auditing

WebPeak carries out continuous monitoring and regular audits of its security systems to ensure that all implemented controls are working properly and that the systems are protected against emerging threats. Access logs, login attempts, and other relevant activities are recorded and reviewed periodically to identify and mitigate security risks.

Training and Awareness

All WebPeak employees receive regular information security training to ensure that they understand their responsibilities in protecting the company's information assets. Ongoing awareness programs are carried out to promote a culture of security and ensure that best practices are followed.

Policy Review

This policy will be reviewed annually or whenever there are significant changes in security controls, IT infrastructure or applicable regulations. Any revisions will be approved by senior management and communicated to all relevant employees.

Approved by

Marcos Vinicius Custódio
Legal Responsible