Information Technology Policy

Review History

Version: Date of Review: History: 
1 06/03/2013 Document creation
2 06/08/2015 Inclusion of items Scope (II), Additional Documentation (III), Concepts and Acronyms (IV), Responsibilities (V) and Outcome Management (VII).
3 08/24/2017 Update of items I. Objective, II. Scope, III. Additional Documentation, IV. Concepts and Acronyms, V. Responsibilities and all sub-items of VI. Guidelines;
Inclusion of item VIII. Miscellaneous.
4 10/29/2019 Updating item II. Scope, V. Responsibilities, VII. Concepts and Acronyms and VIII. General Provisions.

 

I. Purpose

Establishing the guidelines to leverage and support Cielo’s business purposes and strategies by managing the IT’s project portfolio and managing its technology structure with efficiency, quality, and security, ensuring long-term sustainability.

II. Scope

All members of the Management (officers, members of the Board of Directors and members of the Advisory Committees), members of the Fiscal Council and employees of the companies Cielo S.A., Servinet Serviços Ltda., Aliança Pagamentos e Participações Ltda. and Stelo S.A.

All of the Company’s Subsidiaries must establish their directives based on the guidance provided in this Policy, considering the specific needs and legal and regulatory aspects to which they are subject.

Regarding the Affiliated Companies, the Company’s representatives working in the Management of Affiliated Companies should make efforts to set their directive based on the guidance provided for in this Policy, considering the specific needs and legal and regulatory aspects to which they are subject.

III. Guidelines

1. Protecting Cielo’s operations by reducing incidents and impacts on the public that has a relationship with the Company and ensuring that all services are available from the standpoint of IT, network and processing capabilities, continuity and monitoring.

2. Ensuring that the best value for money is obtained from the set of IT projects, services, and processes, keeping Cielo’s IT project portfolio up to date, monitoring and controlling delivery costs, deadlines, resources, and quality.

3. Managing Cielo’s IT and Projects area by assimilating and empowering teams, improving systems development processes and methodologies to make IT deliveries faster and more focused on the client.

4. Providing information for strategic decision-making and aligning the IT and Project areas to the business, by advancing capture solutions, new platforms, best practices of Software Engineering and Architecture, indicators panel, project portfolio, integrated view of IT processes and solutions.

5. Ensuring the compliance and reliability of Cielo’s infrastructure of services through good practices, international standards and/or certifications, periodically monitoring recommendations and requirements.

6. Ensuring the continuity of the organization’s operations in case of prolonged unavailability of resources to support these operations (POS, information systems, facilities, people and information).

IV. Management of Consequences

Employees, suppliers or other stakeholders who see any deviations from the guidelines of this Policy, may report the fact to the Ethics Channel (www.canaldeetica.com.br/cielo or 0800 775 0808), anonymously or not.

Internally, noncompliance with the guidelines of this Policy will lead to the application of accountability measures against agents who fail to comply, according to the due severity of the noncompliance.

V. Responsibilities

  • Members of the Management and Employees: Observing and ensuring compliance with this Policy and, whenever necessary, seek the Vice Presidency of IT and Projects for its opinion on situations involving conflict with this Policy or due to the occurrence of situations described therein.
  • Executive Vice Presidency of IT and Projects: Complying with and enforcing the guidelines set forth herein, keeping them updated to ensure that any change in Cielo’s management is incorporated and clarifying doubts relating to its content and application.

VI. Additional Documents

VII. Concepts and Acronyms

  • Stakeholders: All relevant stakeholders with interests in the Company, or also individuals or entities assuming any type of direct or indirect risk against the company. Amongst others, we point out: shareholders, investors, employees, society, customers, suppliers, creditors, governments and regulators, competitors, media, associations and professional associations, the user of the electronic means of payment and non-governmental organizations.
  • Affiliated Companies: Companies in which the Company holds 10% (ten percent) or more of their capital, without, however, having control over them, pursuant to Article 243, Paragraph 1 of the Brazilian Corporation Law.
  • Subsidiaries: Companies in which the Company, directly or indirectly, holds rights as partner or shareholder, which permanently guarantee to the Company the preponderance in business resolutions and the power to elect the majority of the members of the Management, pursuant to Article 243, Paragraph 2 of the Brazilian Corporation Law.

VIII. General Provisions

Cielo’s Board of Directors is responsible for amending this Policy whenever necessary.

This Policy takes effect on the date of its approval by the Board of Directors and revokes any contrary documents.