• Data Privacy & Security Policy: Banco ABC Brasil has Data Privacy & Security policies published, reviewed, and audited periodically. The Bank has built along the years several policies that are complementary, below are some examples together with its respective scope:
⋅ Data Security Policy: General program exploring a fragment of the Bank’s information security strategy, data protection, and LGPD Training;
⋅Information Classification Policy: Classifies data by its degree of risk and potential impact to control the access to information in critical systems and processes related to Banco ABC Brasil’s business;
⋅ System Classification Procedure: Defines the access controls to the Bank’s information, data, systems, and processes related to its businesses;
⋅ Access Control Policy: Establishes requirements for information systems’ access control;
⋅ Access Profile Review: Establishes the criteria to analyze and periodically review each employee’s access rights to information systems;
⋅ Audit Trail: Defines rules for recording and storing audit trails, as well as for monitoring information security in the computing environment;
⋅ Corporate Data Backup Policy: Establishes criteria, procedures, and frequency for the backup of Banco ABC Brasil program files and data;
⋅ Data Masking Policy: Defines the database masking process for the homologation and development environments; and
⋅ Policy for the Use of Electronic Documents: Defines controls to minimize the risk of integrity, availability, and confidentiality of spreadsheets and database files.
It is important to highlight that, apart from its internal initiatives, Banco ABC Brasil is in full compliance with the General Data Protection Law (LGPD – Lei Geral de Proteção de Dados) introduced in Brazil in 2020.
Notably, complementing the entire process of data protection, control, management, and governance, the ABC Brasil also has the following committees dedicated to the subject with the participation of senior executive members: i) the Operational Risk and Compliance Committee where issues related to data and cybersecurity are deliberated; and ii) the Information Technology Committee where budgetary and implementation issues are deliberated.