Data are extremely important assets for companies and, consequently, different practices and controls are needed to protect them. To that end, Zenvia takes the security of its products very seriously, counting on a specialized team of Information Security and Data Privacy.
Our Information Security Policy details the guidelines applied to the company’s processes, being the main rule to support our employees.
In order to keep our guidelines aligned with business needs, our Information Security Policy is updated at least annually.
Among several points addressed in the Policy, we highlight Information Classification, Risk Management and Remote Work.
The Information Security Management System was structured with the aim of maintaining our Customer Experience Platform and the processes that support it in compliance with the highest standards of information security. We are ISO 27001 certified as of 2022.
We rely on the best international information security practices to provide secure products to our customers. Protection extends from conception to the daily support of our products.
Security controls are applied based on the three pillars of Information Security:
Below, we list the main practices that we adhere to internally:
We monitor our environment and act quickly to respond to possible incidents.
We also have a formal procedure that allows any employee, when identifying an incident scenario, to inform the team responsible for the treatment of the incident.
The incident management process involves everything from detecting and containing the incident to generating a report and lessons learned, applying necessary corrections so that it does not happen again.
We have plans in place for our products to remain available and easily recoverable in the event of a disaster scenario. Additionally, our environments are architected redundantly, eliminating single points of failure (SPoF).
Nosso comprometimento com a disponibilidade dos produtos está descrito em nosso Termo de Uso. Clique aqui para acessá-lo.
We consider methodologies such as “least privilege” and ”need to know” throughout the life cycle of accesses at Zenvia. Our premise for providing access is to ensure that the person requesting it has a valid business need, bearing in mind confidentiality and integrity of the data involved.
Once granted, we also have controls to validate the identity of who is accessing and if the access is still valid and needed. For that, we use:
We consider that providing our employees with functional equipment that has appropriate security controls in place helps to protect information that can be accessed. To that end, only corporate and compliant equipment can be used to carry out business routines.
Below, we list some controls implemented on devices:
In addition, all Zenvia employees are guided on best practices for remote work, following our policies.
In order to minimize risks that may be generated by a supplier, we carry out critical assessments at the time of hiring, and periodically on suppliers that may have access to our environment. We are always looking for partners who adopt security practices as stringent as the ones adopted by us.
Information Security and Data Privacy is a duty of all employees. Therefore, we deliver constant training and initiatives focused on the subject. We also provide specific training on safe development for teams that have this responsibility. Thus, all areas work together to protect our clients’ information.