Luby Technology S.A. establishes its Information Security Policy as an essential part of its corporate management system. This policy is aligned with leading market practices, international standards (ISO/IEC 27001 and 27701), and Brazilian legislation. Our commitment is to ensure the proper protection of information and technology assets belonging to Luby, its clients, suppliers, and employees.
We implement security controls to safeguard the confidentiality, integrity, and availability of information. This means preventing unauthorized access, data loss, or service disruptions that could affect our business operations and client trust.
This policy is governed by the Information Security and Privacy Committee (ISPC), composed of the Data Protection Officer (DPO), the Governance, Risk, and Compliance (GRC) team, and representatives from IT and Information Security. The committee is responsible for supervising, reviewing, and ensuring the effective application of this policy throughout the organization.
All security incidents are handled in a structured manner, ensuring:
We maintain contingency and disaster recovery plans that are regularly tested, ensuring our services remain operational even in unforeseen situations.
Violations of this policy may result in proportional measures, including:
Situations not explicitly covered in this policy will be evaluated by the Information Security and Privacy Committee. The policy must be interpreted dynamically, adapting to new threats and technological developments.
Luby reserves the right to update this Policy as necessary to ensure compliance with applicable standards, laws, and industry requirements.
If you have questions or need clarification about this Policy, please contact our Data Protection Officer (DPO) at: rafael.marrocos@luby.com.br
We’re the software development consultancy
that will be a game-changer
in your growth.