Information Technology Policy

Review History

Version: Date of Review: History: 
1 06/03/2013 Document creation
2 06/08/2015 Inclusion of items Scope (II), Additional Documentation (III), Concepts and Acronyms (IV), Responsibilities (V) and Outcome Management (VII).
3 08/24/2017 Update of items I. Objective, II. Scope, III. Additional Documentation, IV. Concepts and Acronyms, V. Responsibilities and all sub-items of VI. Guidelines; Inclusion of item VIII. Miscellaneous.


I. Purpose
Leverage and sustain Cielo’s business strategies and objectives, by managing IT project portfolio and its technological structure with efficiency, quality and safety, ensuring sustainability in the long term.

II. Scope
All Management (officers, statutory or not, members of the Board of Directors, members of the Fiscal Council, members of the Advisory Committees and other managers) and employees of Cielo S.A.

III. Complementary Documentation

  • Cielo’s Code of Ethical Conduct
  • In-company rules are continuously improved, approved by appropriate authorities and made available to all employees.

IV. Concepts and Acronyms

  • Stakeholders: All relevant public with interests related to the Company, as well as individuals or entities assuming any type of direct or indirect risk towards the company. Amongst others we point out: shareholders, investors, employees, society, customers, suppliers, creditors, governments, regulatory agencies, competitors, press, professional associations and entities, users of electronic means of payment and non-governmental organizations.

V. Responsibilities

  • Management and employees: Observe and ensure the compliance with this Policy, and when deemed necessary, prompt the IT and Projects Executive Board for consultation on situations involving conflict with this Policy or by means of occurrence of the situations described therein.
  • IT and Projects Executive Board: Comply with the guidelines set forth herein, keep it updated so that to ensure that any change in Cielo’s directions are incorporated and clarify doubts referring to its content and application.

VI. Guidelines

1. Protect Cielo’s operations reducing incidents and impacts on public which maintains relationship with Company and ensuring that all services are available for this public, from the viewpoint of capacity, continuance and IT monitoring, networks and processing.
2. Ensure that better cost-benefit ratio is obtained from the set of IT projects, services and processes, keeping updated the project portfolio involving Cielo’s IT, monitoring and controlling expenses, terms, resources and quality of deliveries.
3. Manage Cielo’s IT area and Projects, raising culture and training teams, improving processes and system development methodologies to make IT deliveries more agile and concerned with customer.
4. Provide information for strategic decision-making process and alignment of IT and Projects area to the business, by evolving capture solutions, new platforms, best Soft Engineering and Architecture practices, panel of indicators, project portfolio, integrated vision of IT processes and solutions.
5. Ensure the conformity and reliability of services infrastructure provided by Cielo, by means of good practices, international standards and/or certifications, periodically controlling and monitoring recommendations and requirements.
6. Ensure the continuance of organization’s operations in the event of lengthy unavailability of resources which support the execution of these operations (equipment, information systems, facilities, personnel and information).

VII. Consequence Management
Employees, suppliers or other stakeholders who observe any deviations to the guidelines of this Policy, may report the fact to the Ethics Channel ( or 0800 775 0808), and may identify themselves or not.
Internally, the failure to comply with the guidelines of this Policy envisages the application of measures to charge the agents who do not comply with this Policy according to related seriousness of such non-compliance.

VIII. Miscellaneous
It shall be incumbent upon the Company’s Board of Directors to amend this Policy whenever it deems necessary.
This Policy shall take effect on the date of its approval by the Board of Directors and revokes any rules and procedures contrary thereto.