Allsan Information Security Policy

Allsan

OBJECTIVES

Establish guidelines that allow employees and contractors of GRUPO A&E BRASIL - ALLSAN ERCON to follow standards of behavior related to information security that are appropriate to the business and legal protection needs of GRUPO A&E BRASIL - ALLSAN ERCON and the individual. Guide the definition of specific information security standards and procedures, as well as the implementation of controls and processes to meet them. Preserving GRUPO A&E BRASIL - ALLSAN ERCON information in terms of:

  • Integrity: guarantee that the information is kept in its original state, in order to protect it, during storage or transmission, against undue, intentional or accidental alterations.
  • Confidentiality: ensuring that access to information is obtained only by authorized persons.
  • Availability: ensuring that authorized users gain access to information and the corresponding assets whenever necessary.

COMPUTERS AND RESOURCES

Each employee and subcontractor will be fully responsible for any loss or damage suffered by or caused to GRUPO A&E BRASIL - ALLSAN ERCON and/or third parties as a result of failure to comply with the guidelines and standards set out herein.

The equipment available to employees and subcontractors is the responsibility/property of GRUPO A&E BRASIL - ALLSAN ERCON, and it is up to everyone to use and handle it correctly for the activities of interest to the company, as well as to comply with the recommendations contained in the operating procedures provided by the department responsible.

Any physical or logical maintenance, installation, uninstallation, configuration or modification procedure is prohibited without the prior knowledge and approval of a technician from the IT Support Team or whomever they determine.

The systems and computers have their antivirus software versions installed, activated and updated permanently. If you suspect viruses or problems with functionality, please contact IT immediately.

Personal files and/or files not pertinent to the business of GRUPO A&E BRASIL - ALLSAN ERCON (photos, music, videos, etc.) should not be copied and/or moved to the network drives, as they may overload the storage on the servers. If the existence of these files is identified, they will be permanently deleted without prior notice to the user; this occurrence will be reported to the user and their immediate superior, for the adoption of the disciplinary measures applicable to the case.

When using computers, equipment and IT resources, certain rules must be observed.

  • It is forbidden to open or handle computers or other IT equipment for any type of repair that is not carried out by a technician from the IT Support Team or by a third party duly contracted for the service.
  • Employees or contractors must maintain the configuration of the equipment made available by GRUPO A&E BRASIL - ALLSAN ERCON, following the appropriate security controls required by the Information Security Policy and the specific rules of GRUPO A&E BRASIL - ALLSAN ERCON, assuming responsibility as the holder of information.
  • All computer terminals must be password-protected (locked) when not in use.

We have added some situations in which the use of computers and technological resources of GRUPO A&E BRASIL - ALLSAN ERCON is prohibited:

  • Attempting or gaining unauthorized access to another computer, server or network.
  • Bypassing any security systems.
  • Accessing confidential information without explicit authorization from the owner
    and/or the competent authority.
  • Secretly monitoring another person using electronic devices or software, such as packet analyzers.
  • Interrupting a service, servers or computer network by any illicit or unauthorized method.
  • Use any type of technological resource to commit or be complicit in acts of infringement, sexual harassment, disruption, manipulation or suppression of copyright or intellectual property without the proper legal authorization from the owner;
  • Hosting pornography, racist material or any other material that violates the legislation in force in the country, morals, good customs and public order.

IDENTIFICATION

Identification devices and passwords protect the user's identity, preventing one person from impersonating another before GRUPO A&E BRASIL - ALLSAN ERCON or third parties.

Using someone else's identification devices and/or passwords is a crime under the Brazilian Penal Code (art. 307 - false identity). The aim of this rule is to establish responsibility criteria for the use of identification devices and it must be applied to all employees.

Any personal identification device, therefore, may not be shared with other people under any circumstances.

If a login is shared by more than one employee, the responsibility towards GRUPO A&E BRASIL - ALLSAN ERCON and the law (civil and criminal) will lie with the users who use it. Only if the coordinator's knowledge and/or request for shared use is identified should it be
responsible.

Visitors, trainees and service providers, whether individuals or companies, must be clearly identified. When first accessing the local network environment, users must immediately change their password in accordance with the guidelines provided by IT.

It is the responsibility of each user to memorize their own password and to protect and safeguard the identification devices assigned to them.

Passwords should not be written down or stored in electronic files (Word, Excel, etc.), understandable by human language (not encrypted); they should not be based on personal information, such as your own name, family members' names, date of birth, address, license plate number, company name, department name; and they should not be made up of obvious keyboard combinations, such as "abcdefgh", "87654321", among others.

After 3 (three) access attempts, the user's account is blocked. In order to unblock it, the user must contact IT, who will establish a process for renewing the password.

Users can change their password, and should be advised to do so if they suspect that third parties have gained improper access to their login/password.

All access must be blocked immediately when it becomes unnecessary.

Therefore, as soon as any employee or service provider is dismissed or requests to be dismissed, they should immediately inform Human Resources Management, which should then inform the person in charge of the IT Support Team, so that the appropriate measures can be taken. The same applies to users whose contract or service provision has been terminated.

INTERNET

The unauthorized use, installation, copying or distribution of copyrighted, trademarked or patented software on the Internet is expressly prohibited. Any unauthorized software downloaded will be deleted immediately.

As a general rule, sexual material may not be displayed, stored, distributed, edited, printed or recorded in any way.

Employees or contractors may not use GRUPO A&E BRASIL - ALLSAN ERCON resources to deliberately spread any type of virus, worm, trojan horse, spam, harassment, disturbance, etc.

FINAL PROVISIONS

Like ethics, security must be understood as a fundamental part of the internal culture of GRUPO A&E BRASIL - ALLSAN ERCON. In other words, any security incident is perceived as someone acting against the ethics and good customs governed by GRUPO A&E BRASIL - ALLSAN ERCON.

en_USEnglish
pt_BRPortuguês do Brasil en_USEnglish
Scroll to Top