When it comes to security, senhasegura goes above and beyond to meet the highest industry standards. We regularly invest in compliance with the most demanding and renowned regulatory requirements in the Information Security market.
Our commitment to data privacy can be seen in our certifications and compliance, including the SOC 2 Type 2 report, ISO 27001 certification, and LGPD check seal. We take pride in our adherence to major privacy regulations such as GDPR, CCPA, and LGPD.
Our security, privacy, and compliance controls have successfully passed rigorous independent evaluations by both internal and external auditors, showing our commitment to helping you achieve your goals.
senhasegura has achieved the LGPD Check certification from the consultancy Privacy Guaranteed. This certification confirms adherence to the highest level of compliance with the LGPD. This certification follows an independent external audit, evaluating our implemented measures against the minimum legal and regulatory requirements and international information security frameworks.
We comply with the world's most stringent data protection legislation. We are the first PAM solution to achieve certification through TrustArc's audit.
Our Information Security Management System (ISMS) has been certified by an independent auditor for its conformity with ISO 27001 standards, validating our information security, data privacy, and compliance policies, controls, and processes. Adherence to this standard demonstrates the effectiveness and robustness of our ISMS in ensuring the confidentiality and integrity of the data processed by our company.
The SOC 2 Type 2 report, issued by an independent auditor, certifies that senhasegura designs, implements, and operates in accordance with the AICPA's criteria for reliable service, availability, processing integrity, and confidentiality. This certification was obtained after a detailed audit of the senhasegura 360º Privilege SaaS platform, evaluating both our system and the organization of our services.
The SOC 3 Type II report, issued by independent auditors, confirms that our company has comprehensive controls and processes in place to safeguard customer data. These controls span information security, risk management, regulatory compliance, and IT operations.
SOC 3 offers several advantages:
• Public Reporting: Simplifies sharing with leads and partners, with no restrictions;
• Enhanced Reliability: Boosts confidence in our services and data protection;
• Globally Recognized Standard: Demonstrates our commitment to top-tier information security practices.
By adding SOC 3 to SOC 2, we not only solidify our position as a leader in information security within the market, but also reaffirm our unwavering commitment to the highest standards of data protection and information security.
At senhasegura, our purpose is to use technology to drive prosperity, guided by the value of Ubuntu: "I am because we are". This value permeates all business areas, demonstrating our dedication to community and collaboration. Our commitment to sustainability and transparency is evident in our environmental, social, and governance practices. These practices reflect our continuous commitment to our culture of customer focus, energy, joy, results, and change.
senhasegura is part of a group of institutions qualified by the CVE® Program (Common Vulnerabilities and Exposures) to identify, attribute and publish software vulnerabilities. As a CNA (CVE Numbering Authority), senhasegura can point out CVEs in its own products and also report cyber flaws and vulnerabilities found in third-party software, which means cooperating with the global community to strengthen cybersecurity in response to growing cyber threats.
Section 889 (a)(1)(B) prohibits U.S. government agencies from contracting with organizations that utilize telecommunications equipment or services provided by certain companies identified as national security risks, including Huawei Technologies Company, ZTE Corporation, Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, and Dahua Technology Company. After a thorough and meticulous review, our company certifies that it does not use telecommunications equipment or services from the listed companies, nor incorporates any technology, system, or infrastructure dependent on these solutions.
We adhere to key privacy legislation and implement necessary measures to demonstrate our ongoing dedication to safeguarding the data of our customers, partners, and employees.
The GDPR (General Data Protection Regulation) is a privacy legislation implemented by the European Union in May 2018. Its main objective is to protect the personal data of EU citizens, ensuring that companies handle this data transparently, securely, and legally.
GDPR grants individuals more control over their personal information and places stricter responsibilities on organizations that collect and process data, regardless of geographic location. The regulation includes rights such as access, rectification, erasure, and data portability, as well as heavy penalties for non-compliance.
The CCPA (California Consumer Privacy Act) is a privacy law in the United States that took effect in January 2020. It gives Californians greater control over their personal data by allowing them to inquire about how companies collect and use their data.
Additionally, the CCPA gives consumers the right to opt out of sharing or selling their data and mandates that companies offer transparent information about their privacy practices. The law applies to businesses that meet specific size and activity requirements and imposes penalties for violations of consumer privacy.
The General Data Protection Law (LGPD) is a Brazilian law that took effect in September 2020. Inspired by the European Union's GDPR, the LGPD is designed to protect the privacy and security of Brazilian citizens' personal data.
The law establishes principles and rights related to data processing and requires organizations to obtain consent from data subjects, be transparent about data processing, and implement appropriate security measures. Additionally, the LGPD grants individuals rights such as access, correction, deletion, and portability of their data.