Information Technology Policy
Click here to access the PDF.
Review History
| Version: | Date of Review: | History: |
| 1 | 06/03/2013 | Document creation |
| 2 | 06/08/2015 | Inclusion of items Scope (II), Additional Documentation (III), Concepts and Acronyms (IV), Responsibilities (V) and Outcome Management (VII). |
| 3 | 08/24/2017 | Update of items I. Objective, II. Scope, III. Additional Documentation, IV. Concepts and Acronyms, V. Responsibilities and all sub-items of VI. Guidelines; Inclusion of item VIII. Miscellaneous. |
| 4 | 10/29/2019 | Updating item II. Scope, V. Responsibilities, VII. Concepts and Acronyms and VIII. General Provisions. |
| 5 | 12/17/2021 | Update of items: I. Purpose, II. Scope, IV. Consequence Management, V. Responsibilities, VI. Concepts and Acronyms. |
| 6 | 11/29/2023 | Update of items: I. Purpose, II. Scope, III. Guidelines sub-items 2, 3, 7, IV. Consequence Management, V. Responsibilities, VI. Supplementary Documentation, VII. Concepts and Acronyms and VIII. General Provisions. |
I. Purpose
The purpose of this Information Technology Policy (“Policy”) is to establish guidelines to leverage and sustain the strategies and business objectives of Cielo S.A. – Instituição da Pagamento (“Cielo”), its subsidiaries and affiliates, through the management of the Information Technology (“IT”) project portfolio and its technological structure, with efficiency, quality and safety, ensuring long-term sustainability.
II. Scope
All members of the Board of Directors, the Executive Board (“Directors”); members of the Advisory Committees and the Fiscal Council; Employees, including outsourced workers, interns and young apprentices (“Employees”) of the companies Cielo, Servinet Serviços Ltda. (“Servinet”), Stelo S.A. (“Stelo”) and Aliança Pagamentos e Participações Ltda. (“Aliança”), hereinafter jointly referred to as the “Company”.
All the Company’s Subsidiaries must define their directions based on the guidelines set forth in this Policy, considering the specific needs and the legal and regulatory aspects to which they are subject.
With respect to the Affiliated Companies, the Company’s representatives who act in managing its Affiliated Companies must make every effort to define their directions based on the guidelines set forth in this Policy, considering the specific needs and the legal and regulatory aspects to which they are subject.
III. Guidelines
- Protect the Company’s operations by reducing incidents and impacts on stakeholders and ensuring that all services are available, from the standpoint of capacity, continuity and monitoring of IT, networks and processing.
- Ensure that the set of IT projects, services and processes remain cost-effective, keeping the Company’s portfolio of IT projects up to date by monitoring and controlling costs, deadlines and resources.
- Ensure the integrity of our services by adhering to the best coding practices practiced in the market, carrying out comprehensive testing and implementing robust quality management practices in software development.
- Manage the Company’s IT and Projects areas, educating and training teams, improving system development processes and methodologies to make IT deliveries more agile and customer-oriented.
- Provide information for strategic decision-making and alignment of the IT and Projects areas to the business, through the development of capture solutions, new platforms, best Software Engineering and Architecture practices, indicator panel, project portfolio, integrated IT processes and solutions perspectives.
- Ensure compliance and reliability of the services infrastructure provided by the company through best practices, international standards and/or certifications, periodically controlling and following up on recommendations and requirements.
- Ensure the continuity of the organization’s operations in the event of extended unavailability of the resources that support the performance of such operations (equipment, information systems, facilities, people and data), following the guidelines contained in the Corporate Business Continuity Management Policy.
IV. Consequence Management
Employees, suppliers or other stakeholders who observe any deviations from the guidelines of this Policy may report the fact to the Ethics Channel through the channels below, with the option of anonymity:
- canaldeetica.com.br/cielo
- Toll-free number: 0800 775 0808
Internally, non-compliance with the guidelines of this Policy gives rise to the application of accountability measures to the agents that fail to comply with it, according to the respective severity of the non-compliance and as per internal regulations, and is applicable to all persons described in the item “Scope” of this Policy, including the leadership and members of the Executive Board.
V. Responsibilities
- Administrators and Employees: Observe and ensure compliance with this Policy and, when necessary, call the Executive Vice President of Business and Technology for consultation on situations involving conflict with this Policy, or upon the occurrence of situations described herein.
- Executive Vice President of Technology and Business: Comply with and enforce the guidelines set forth in this Policy, keep it updated to ensure that any changes to its guidance are incorporated hereto, and clarify doubts regarding its content and application.
VI. Additional Documents
- Company Code of Ethics;
- Corporate Business Continuity Management Policy; and
- Internal standards that are constantly improved, approved by the competent approval authority, and provided to all Employees.
VII. Concepts and Acronyms
- Affiliates: Companies in which the investor has significant influence, under the terms of article 243, paragraph 1 of the Corporations Law.
- Subsidiaries: Companies in which the Company, directly or indirectly, holds partner or shareholder rights that assure it, on a permanent basis, preponderance in the corporate decisions and the power to elect the majority of the managers, under the terms of article 243, paragraph 2 of the Brazilian Corporation Law.
- Stakeholders: All relevant target audiences with interests pertinent to the Company, as well as individuals or entities that assume some type of risk, direct or indirect, with respect to the Company. Among others, the following are highlighted: Shareholders, investors, employees, society, clients, vendors, creditors, governments, regulatory bodies, competitors, press, associations and class entities, users of electronic means of payment, and non-governmental organizations.
VIII. General Provisions
Cielo’s Board of Directors is responsible for amending this Policy whenever necessary.
This Policy takes effect on the date of its approval by the Board of Directors and revokes any contrary documents.