Investor Presentaiton
SPIC BRASIL
About SPIC Brasil
Our energy comes from multiple sources
Vision-driven progress
Safety is the foundation of care
GRI Summary
29
Cybersecurity
In 2022, we incorporated cyber security
into our IT division. This change decisively
contributed to the discussions and
implementations carried out by the Data
Privacy Committee. Various procedures
and policies that inform the work of
this department and our company were
reviewed, many of which focused on the
Brazilian General Data Protection Act
(LGPD) and information security. We also
address vulnerabilities, ensuring a higher
degree of security for our operations.
This required the putting into practice
of several simulation and invasion tests,
which help us shield our applications.
We reviewed information
ā security procedures and
policies and addressed
vulnerabilities to improve
our operations.
To achieve cybersecurity effectiveness, we
understand that raising the awareness of
our workers is crucial. That's why in 2022
we began producing and disseminating
internal training content and trails related
to the topic, and we intend to step this up
a level over the course of 2023.
DATA PRIVACY COMMITTEE
In 2022 the LGPD Act remained unchanged. However, SPIC Brasil's
Data Privacy Committee shall continuously monitor the law with
the National Data Protection Authority, which submits an agenda
of topics for regulation every two years.
The Committee meets periodically to report on SPIC Group's Privacy
Program and to update relevant market practices and monitor the
sector agenda in Brazil. In 2022, we enlisted a consultancy firm to
assess the program's maturity and we began making the suggested
recommendations, based on an improvement plan for 2023.
The project will be overseen by the company's Internal Audit.View entire presentation