Information Security
Our comprehensive approach to security combines organizational and technical procedures to ensure privacy and maintain a robust security posture at Luby.
In the realm of information security, three critical elements guide an organization’s path: Confidentiality, Integrity and Availability. Luby prioritizes the security and protection of our customers’ and our employees’ personal information. Working with clients globally requires us to continually improve our security measures to meet contractual security requirements. Our commitment is demonstrated by the fact that, to date, we have never experienced a breach of our clients’ personal information.
In this rapidly evolving digital landscape, cybersecurity requires proactive strategies that go beyond static and reactive measures. The sophistication of digital attacks requires dynamic processes, proactive monitoring systems, and constant vigilance. All of our data security measures are properly documented and regularly updated.
We adhere to a strict information security policy that is aligned with international market standards. New practices are incorporated as needed for each client and project.
Privacy awareness is a critical aspect in today’s context and Luby is in tune with this global trend. Our commitment to information security ensures robust privacy management and provides requirements and guidance for establishing, using and improving privacy practices.
At Luby, we view security as an action, not a commodity. Annual independent penetration testing strengthens our defenses by identifying and mitigating potential vulnerabilities. Our employees are recognized as the first line of defense, echoing our security mantra of working together to make the world a safer place.
In the realm of information security, three critical elements guide an organization’s path: Confidentiality, Integrity and Availability. Luby prioritizes the security and protection of our customers’ and our employees’ personal information. Working with clients globally requires us to continually improve our security measures to meet contractual security requirements. Our commitment is demonstrated by the fact that, to date, we have never experienced a breach of our clients’ personal information.
In this rapidly evolving digital landscape, cybersecurity requires proactive strategies that go beyond static and reactive measures. The sophistication of digital attacks requires dynamic processes, proactive monitoring systems, and constant vigilance. All of our data security measures are properly documented and regularly updated.
We adhere to a strict information security policy that is aligned with international market standards. New practices are incorporated as needed for each client and project.
Privacy awareness is a critical aspect in today’s context and Luby is in tune with this global trend. Our commitment to information security ensures robust privacy management and provides requirements and guidance for establishing, using and improving privacy practices.
At Luby, we view security as an action, not a commodity. Annual independent penetration testing strengthens our defenses by identifying and mitigating potential vulnerabilities. Our employees are recognized as the first line of defense, echoing our security mantra of working together to make the world a safer place.
Incident Management
Incident management is an integral part of Luby’s security framework. A proactive approach includes root cause analysis, risk assessments, and lessons learned sessions to strengthen defenses and prevent future incidents. Logging and monitoring, facilitated by Security Information and Event Management (SIEM), provide real-time event processing and alerting.
Change Management
Luby Change Management ensures the controlled implementation of technology changes, reducing the risk of business disruption. A meticulous process includes risk assessment, categorization, approval workflows, communication and metrics.
The Company's Employees
Luby’s commitment to security begins with our people. Our values emphasize a people-oriented and customer-focused culture. Security is built into our hiring process, with careful resume review, background checks, and additional verifications for those who handle customer data. Associates undergo mandatory security awareness and privacy training upon hire, with regular updates and phishing simulation campaigns to reinforce vigilance.
Continuing education ensures that our teams stay abreast of the latest security trends, with attendance at international conferences and professional certifications.
Continuing education ensures that our teams stay abreast of the latest security trends, with attendance at international conferences and professional certifications.
Approach to Identification, Authentication and Authorization
Luby implements identity management, authentication and authorization controls. It employs Multi-factor authentication and role-based access control (RBAC) provide secure identification and authorization.
BCP and IT DRP
Luby’s Business Continuity Planning (BCP) anticipates potential threats and ensures business continuity. IT Disaster Recovery Plan, Pandemic Plan and Crisis Communication Plan further strengthen our resilience in the face of hazards.
Physical Security
Physical security measures include controlled access, 24/7 security guards, intrusion detection systems, card access to offices, facial recognition controls, and video surveillance. Server rooms have restricted access.
Privacy
Luby prioritizes the protection of personal and customer data, and complies with the US and BR regulations.
Summary
At Luby, security is not just a practice; it’s a commitment woven into our culture, processes, and technology. Our dedication to the highest standards ensures a secure environment for customer data, employees, and the company as a whole. As we grow, our focus on security and privacy remains steadfast, with continuous improvement at the core of our approach.