Information Security

Data are extremely important assets for companies and, consequently, different practices and controls are needed to protect them. To that end, Zenvia takes the security of its products very seriously, relying on a specialized Information Security and Data Privacy team.

Information Security Policy

Our Information Security Policy details the guidelines applied to the company’s processes and is the main rule supporting our employees.

In order to keep our guidelines aligned with business needs, our Information Security Policy is updated at least annually.

Among several points addressed in the Policy, we highlight Information Classification, Risk Management and Remote Work.

Information Security Management System (ISMS)

The Information Security Management System was structured with the aim of maintaining our Customer Experience Platform and the processes that support it in compliance with the highest standards of information security. We are ISO 27001 certified as of 2022.

Security Practices

We rely on the best international information security practices to provide secure products to our customers. Protection extends from conception to the daily support of our products.

Security controls are applied based on the three pillars of Information Security:

  • Confidentiality: Ensure that information is only accessed by duly authorized persons.
  • Integrity: Ensure that information is complete and has not been improperly modified.
  • Availability: Guarantee that information is accessible whenever needed.

Below, we list the main practices that we adhere to internally:

  • Our infrastructure and applications go through recurring vulnerability analyses, including activities aimed at the necessary corrections according to the level of criticality of each identified vulnerability;
  • Our products go through an annual penetration test carried out by independent consultants;
  • We perform analyses of code and libraries in order to identify and correct possible vulnerabilities during the software development cycle;
  • Business and security go together, so we apply Security & Privacy by Design;
  • Our infrastructure uses technologies that provide perimeter protection such as firewall, WAF, anti-DDoS and IPS.

Incident Response

We monitor our environment and act quickly to respond to possible incidents.

We also have a formal procedure that allows any employee, when identifying an incident scenario, to inform the team responsible for the treatment of the incident.

The incident management process involves everything from detecting and containing the incident to generating a report and lessons learned, applying necessary corrections so that it does not happen again.

Business Continuity

We have plans in place for our products to remain available and easily recoverable in the event of a disaster scenario. Additionally, our environments are architected redundantly, eliminating single points of failure (SPoF).

Our commitment to product availability is described in our Terms of Use. Click here to access it.


Identity and Access Management

We consider methodologies such as “least privilege” and “need to know” throughout the life cycle of accesses at Zenvia. Our premise for providing access is to ensure that the person requesting it has a valid business need, bearing in mind confidentiality and integrity of the data involved.

Once access is granted, we also have controls to validate the identity of the person accessing and whether the access is still valid and needed. For that, we use:

  • Multi-Factor Authentication (MFA) applied to internal accesses, assuring more than just the “Something you know” factor;
  • Periodic access reviews, revoking any access that is no longer necessary;
  • Centralized access management, that is, when a relationship with a user ends, access is immediately revoked.

Acceptable Use of Assets

We consider that providing our employees with functional equipment that has appropriate security controls in place helps to protect information that can be accessed. To that end, only corporate and compliant equipment can be used to carry out business routines.

Below, we list some controls implemented on devices:

  • Antivirus to keep devices monitored and protected from threats.
  • Disk encryption to protect information that may be stored on devices.
  • DLP (Data Loss Prevention) to monitor and prevent possible irregular sharing of information.
  • For employees who are remote, web browsing is monitored through a navigation control (CASB) that restricts access to inappropriate websites.

In addition, all Zenvia employees are guided on best practices for remote work, following our policies.

Suppliers Safety Qualification

In order to minimize risks that may be generated by a supplier, we carry out critical assessments at the time of hiring, and periodically on suppliers that may have access to our environment. We are always looking for partners who adopt security practices as stringent as the ones adopted by us.

Awareness Program

Information Security and Data Privacy are a duty of all employees. Therefore, we deliver constant training and initiatives focused on the subject. We also provide specific training on safe development for teams that have this responsibility. Thus, all areas work together to protect our clients’ information.

Data Privacy

We care about the privacy of our customers. All processing of personal data is carried out in compliance with applicable regulations. Read our Privacy Policy.