senhasegura: A Name You Can Trust

When it comes to security, senhasegura goes above and beyond to meet the highest industry standards. We regularly invest in compliance with the most demanding and renowned regulatory requirements in the Information Security market.

Our commitment to data privacy can be seen in our certifications and compliance, including the SOC2-Type 2 Report, ISO 27001 certification, and LGPD check seal. We take pride in our adherence to major privacy regulations such as GDPR, CCPA, and LGPD.

Conformity

Our security, privacy, and compliance controls have successfully passed rigorous independent evaluations by both internal and external auditors, showing our commitment to helping you achieve your goals.

LGPD

senhasegura has achieved the LGPD Check certification from the consultancy Privacy Guaranteed. This certification confirms adherence to the highest level of compliance with the LGPD. This certification follows an independent external audit, evaluating our implemented measures against the minimum legal and regulatory requirements and international information security frameworks.

See Our Certification
GDPR

We comply with the world's most stringent data protection legislation. We are the first PAM solution to achieve certification through TrustArc's audit.

Access Here
ISO 27001:2013

Our Information Security Management System (ISMS) has been certified by an independent auditor for its conformity with ISO 27001 standards, validating our information security, data privacy, and compliance policies, controls, and processes. Adherence to this standard demonstrates the effectiveness and robustness of our ISMS in ensuring the confidentiality and integrity of the data processed by our company.

See Our Certification
SOC 2 Type II

The SOC 2 Type 2 report, issued by an independent auditor, certifies that senhasegura designs, implements, and operates in accordance with the AICPA's criteria for reliable service, availability, processing integrity, and confidentiality. This certification was obtained after a detailed audit of the senhasegura 360º Privilege SaaS platform, evaluating both our system and the organization of our services.

Request the Report
SOC 3 Type II

The SOC 3 Type II report, issued by independent auditors, confirms that our company has comprehensive controls and processes in place to safeguard customer data. These controls span information security, risk management, regulatory compliance, and IT operations.

SOC 3 offers several advantages:

Public Reporting: Simplifies sharing with leads and partners, with no restrictions;
• Enhanced Reliability: Boosts confidence in our services and data protection;
• Globally Recognized Standard: Demonstrates our commitment to top-tier information security practices.

By adding SOC 3 to SOC 2, we not only solidify our position as a leader in information security within the market, but also reaffirm our unwavering commitment to the highest standards of data protection and information security.

View the Report
ESG Report

At senhasegura, our purpose is to use technology to drive prosperity, guided by the value of Ubuntu: "I am because we are". This value permeates all business areas, demonstrating our dedication to community and collaboration. Our commitment to sustainability and transparency is evident in our environmental, social, and governance practices. These practices reflect our continuous commitment to our culture of customer focus, energy, joy, results, and change.

Access here
Numbering Authority (CNA)

senhasegura is part of a group of institutions qualified by the CVE® Program (Common Vulnerabilities and Exposures) to identify, attribute and publish software vulnerabilities. As a CNA (CVE Numbering Authority),senhasegura can point out CVEs in its own products and also report cyber flaws and vulnerabilities found in third-party software, which means cooperating with the global community to strengthen cybersecurity in response to growing cyber threats.

Access here
Section 889 (a)(1)(B)

Section 889 (a)(1)(B) prohibits U.S. government agencies from contracting organizations that utilize telecommunications equipment or services provided by certain companies identified as national security risks, including Huawei Technologies Company, ZTE Corporation, Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, and Dahua Technology Company. After a thorough and meticulous review, our company certifies that it does not use telecommunications equipment or services from the listed companies, nor incorporates any technology, system, or infrastructure dependent on these solutions.

Legislations

We adhere to key privacy legislation and implement necessary measures to demonstrate our ongoing dedication to safeguarding the data of our customers, partners, and employees.

GDPR

The GDPR (General Data Protection Regulation) is a privacy legislation implemented by the European Union in May 2018. Its main objective is to protect the personal data of EU citizens, ensuring that companies handle this data transparently, securely, and legally.

GDPR grants individuals more control over their personal information and places stricter responsibilities on organizations that collect and process data, regardless of geographic location. The regulation includes rights such as access, rectification, erasure, and data portability, as well as heavy penalties for non-compliance.

CCPA

The CCPA (California Consumer Privacy Act) is a privacy law in the United States that took effect in January 2020. It gives Californians greater control over their personal data by allowing them to inquire about how companies collect and use their data.

Additionally, the CCPA gives consumers the right to opt out of sharing or selling their data and mandates that companies offer transparent information about their privacy practices. The law applies to businesses that meet specific size and activity requirements and imposes penalties for violations of consumer privacy.

LGPD

The General Data Protection Law (LGPD) is a Brazilian law that took effect in September 2020. Inspired by the European Union's GDPR, the LGPD is designed to protect the privacy and security of Brazilian citizens' personal data.

The law establishes principles and rights related to data processing and requires organizations to obtain consent from data subjects, be transparent about data processing, and implement appropriate security measures. Additionally, the LGPD grants individuals rights such as access, correction, deletion, and portability of their data.

See how our innovative solutions can transform your organization's cyber security and resilience.

FAQ

Frequently Asked Questions

Find the answers you're looking for about compliance at senhasegura.

+
How does senhasegura protect its customers’ data?
In the On-Premises solution, which is installed within the customer's infrastructure, data collection is limited to information necessary for business activities. The data is maintained in a segmented manner, and access is controlled by the department. Internal policies are enforced to ensure data integrity, including measures for loss prevention and encryption, in accordance with security standards.

In the SaaS model, senhasegura collects data related to service provision contracts, as well as some essential data for the operation of the application, such as login information. We do not collect sensitive personal data. It's important to highlight that senhasegura does not directly access the application's customer information due to the use of VPC (Virtual Private Cloud). This protected environment ensures that even the support team needs to communicate with the customer for any action that may involve data exposure. This approach reinforces the security and privacy of customer data.
+
What regulations, standards, and certifications related to Security and Privacy does senhasegura adhere to?
• LGPD
• ISO 27001
• CCPA
• GDPR
• SOC 2 Type II
• SOC 3 Type II
+
What measures have been taken to meet privacy and security requirements?
Privacy Policies and Procedures:
We have established robust policies and procedures that comply with key data privacy regulations, including LGPD, GDPR, and CCPA. These guidelines ensure transparency, legality, and respect for data subjects' rights. Additionally, we offer a direct communication channel for data subjects to exercise their rights of access, rectification, and deletion as mandated by law.

Designation of Data Protection Officer (DPO) and Communication Channel:
We have appointed a Data Protection Officer (DPO) to oversee compliance with privacy and security regulations. The DPO acts as the focal point for data protection issues and coordinates compliance activities. We have established a specific channel for privacy and data protection issues to ensure effective responses to queries and requests from data subjects.

Risk Assessment and Treatment:
We have implemented a thorough risk assessment process that includes identifying, evaluating, and addressing information security risks. This enables us to recognize potential threats and implement measures to protect user data.

Access Control and Data Encryption:
We have implemented sophisticated access control mechanisms to comply with strict ISO and SOC standards, ensuring that only authorized users have access to personal data. In addition, we have adopted advanced encryption techniques to protect the confidentiality and integrity of information during storage and transmission, significantly reducing the risk of unauthorized access. These additional measures further strengthen our information security, ensuring effective protection of sensitive data.

Information Security Policies and Employee Awareness:
We have developed comprehensive information security policies based on internationally recognized principles, such as ISO and NIST, that cover several essential aspects of data protection.

Internal Training:
We carry out regular awareness and training activities for all employees to provide information on the best security practices and procedures.

Penetration Testing:
We regularly conduct thorough internal and external penetration tests to identify and address any potential vulnerabilities in our systems and networks. This ensures that our security infrastructure is strong and resilient. Any vulnerabilities discovered during testing are promptly patched to safeguard user data and enhance the organization's security.

Supplier Evaluation:
Before entering into partnerships with suppliers, we conduct a comprehensive assessment of their information security practices and ensure compliance with data protection laws. We verify that they adhere to high security and privacy standards to safeguard user data.

Continuous Monitoring:
We not only evaluate suppliers before establishing partnerships, but we also carry out continuous monitoring throughout the collaboration period. This allows us to ensure that providers maintain high security and privacy standards over time. Any deviations are promptly identified and addressed to mitigate any potential risk to users' data.
+
How do we guarantee that our service is always available and reliable?
senhasegura Private SaaS provides a secure and reliable cloud solution hosted on Google Cloud (GCP), with dedicated virtual private clouds for each customer and robust support.

senhasegura Private SaaS offers a reliable and secure cloud solution, hosted on Google Cloud (GCP), with individual virtual private clouds for each customer and robust support. Our SLA standards guarantee high availability, while our compliance with data protection laws ensures that your data is kept secure and confidential.

We are committed to a 99.9% uptime SLA per year, ensuring uninterrupted access to our services. For details, see the Compute Engine Service Level Agreement provided by Google Cloud.
+
Does senhasegura conduct regular audits to ensure the platform complies with applicable standards?
We adopt a rigorous auditing process involving renowned external companies, which conduct audits on senhasegura multiple times a year and perform internal audits annually. This approach ensures we maintain the highest compliance, security, and privacy levels.
+
Does senhasegura help its clients obtain compliance certifications?
senhasegura helps its clients obtain various compliance certifications. Below are some of the certifications we can assist in achieving:
- ISO/IEC 27001: This international standard for information security management systems (ISMS) emphasizes the importance of controlling privileged access to protect sensitive information.
- PCI DSS (Payment Card Industry Data Security Standard): Requires strict controls over privileged access to protect payment card data.
- SOX (Sarbanes-Oxley Act): Regulation for public companies in the US that mandates robust controls over privileged access to ensure the integrity of financial information.
- HIPAA (Health Insurance Portability and Accountability Act): Requires stringent control over privileged access to protect health data in organizations in the US.
- NIST SP 800-53: A set of information security standards for US government systems that recommends managing privileged access as a critical security measure.

Implementing the senhasegura solution ensures that privileged access is adequately monitored and controlled.
For more information, you can consult our Whitepapers.
+
Is there a portal or tool to facilitate data subjects' requests and ensure compliance with these requests?
senhasegura complies with data privacy regulations such as GDPR, CCPA, and LGPD. Additionally, we offer a portal where data subjects can request various actions related to their data. The portal is available in both PT-BR and EN-US.
+
Does senhasegura conduct attack simulations and penetration tests to verify the effectiveness of security controls?
senhasegura conducts attack simulations and penetration tests regularly to verify the effectiveness of its security controls. These pentests are carried out internally and externally several times a year, ensuring a thorough and impartial evaluation of our security.
+
How does senhasegura keep its certifications updated and relevant?
Our Compliance department is continuously dedicated to analyzing the best certifications in the market, ensuring they remain relevant and aligned with the latest security practices. In addition to seeking and obtaining these certifications, we stay at the forefront of security. We conduct annual audits for each accreditation, ensuring we are always up-to-date and compliant with the most stringent standards.
+
What are the benefits of these certifications for senhasegura's clients?
Our certifications offer several benefits to senhasegura's clients, including:


- Reliability: They demonstrate our commitment to industry best practices, ensuring that senhasegura is reliable.
- Security: They guarantee that we implement rigorous measures to protect the environment, providing high security for our products and our company.
- Data Protection: They demonstrate our dedication to protecting data subjects' information, reinforcing our commitment to privacy and regulatory compliance, which are essential for ensuring digital sovereignty and user trust in our services.
These certifications testify to our ongoing commitment to excellence and security.

Ready to experience the power of senhasegura firsthand?

Contact us today to schedule a demo or meeting with our experts.
70% lower total cost of ownership (TCO) compared to competitors.
90% higher time to value (TTV) with a quick 7-minute deployment.
The only PAM solution available on the market that covers the entire privileged access lifecycle.