General Policy

General Guidelines of the Policy on Information Security and Cybersecurity:

On April 20, 2022, the Policy on Information Security and Cybersecurity was reviewed by the Board of Directors and subsequently published on the Investor Relations website of Cielo S.A.

Cielo S.A. (“Cielo” or “Company”) offers to all its clients services and solutions that simplify and boost their business, coupled with cutting-edge technologies and best-class market practices, continuously investing and evolving to ensure the security in the use of all products of the brand.

Cielo works with a solid corporate governance structure that has processes and guidelines that ensure the cornerstones of information security, confidentiality, integrity and availability of all information, ensuring its protection, whether internal, customer or partner information.

Additionally, Cielo S.A. has controls focused on ensuring the security of business processes, data and information throughout their life cycle, such as obtaining, processing, storing, transmitting and excluding them, in compliance with the following principles and guidelines:

  • Establishing that, regardless of the way presented, shared or stored, the information assets must be used only for their duly authorized purpose and are subject to monitoring and auditing

  • Establishing that all information assets owned by Cielo must have a person in charge for them and must be properly classified based on criteria established in a specific regulation and duly protected from any risks and threats that may compromise the business.

  • Regarding security measures, adopting procedures and controls to reduce the Company’s vulnerability to cyber incidents and meet its Cybersecurity’s purposes, including: authenticating, encrypting, preventing and detecting intrusions, preventing information leaks, periodically testing and scanning to detect vulnerability, protecting against malicious software, establishing traceability mechanisms, having access controls and segmenting the computer network and keeping backup copies of data and information, in accordance with current internal regulations.

  • Registering, analyzing the cause and impact and controlling the effects of incidents relevant to the Company’s activities, including the information received from companies providing services to third parties.

  • Carrying out actions to prevent, identify, record and respond to security incidents and crises involving Cielo’s technological environment that may compromise the pillars of information security or generate image, financial or operational impacts. The definition of relevance of incidents in the technological environment follows a corporate risk standard established in a specific regulation.