Information Security Policy

    Luby Technology S.A. establishes its Information Security Policy as an essential part of its corporate management system. This policy is aligned with leading market practices, international standards (ISO/IEC 27001 and 27701), and Brazilian legislation. Our commitment is to ensure the proper protection of information and technology assets belonging to Luby, its clients, suppliers, and employees.

    How we protect information at Luby

    We implement security controls to safeguard the confidentiality, integrity, and availability of information. This means preventing unauthorized access, data loss, or service disruptions that could affect our business operations and client trust.

    Key guidelines

    • Keep information security policies and procedures up to date and accessible.
    • Promote ongoing training and awareness programs on information security.
    • Record, investigate, and remediate security incidents effectively.
    • Ensure business continuity through contingency and disaster recovery plans.
    • Continuously review and improve our controls in line with technological and regulatory changes.

    Responsibilities

    This policy is governed by the Information Security and Privacy Committee (ISPC), composed of the Data Protection Officer (DPO), the Governance, Risk, and Compliance (GRC) team, and representatives from IT and Information Security. The committee is responsible for supervising, reviewing, and ensuring the effective application of this policy throughout the organization.

    Incident prevention and response

    All security incidents are handled in a structured manner, ensuring:

    • Immediate remediation,
    • Transparent documentation,
    • Communication to impacted parties, when necessary.

    Business continuity and continuous improvement

    We maintain contingency and disaster recovery plans that are regularly tested, ensuring our services remain operational even in unforeseen situations.

    Consequences of policy violations

    Violations of this policy may result in proportional measures, including:

    • Warnings,
    • Mandatory training,
    • Temporary suspension,
    • Contract termination or legal action, depending on severity and recurrence.

    Unforeseen cases

    Situations not explicitly covered in this policy will be evaluated by the Information Security and Privacy Committee. The policy must be interpreted dynamically, adapting to new threats and technological developments.

    Updates to this policy

    Luby reserves the right to update this Policy as necessary to ensure compliance with applicable standards, laws, and industry requirements.

    Contact us

    If you have questions or need clarification about this Policy, please contact our Data Protection Officer (DPO) at: rafael.marrocos@luby.com.br