In today's high-tech and interconnected world, threats come from both within the enterprises themselves as well as from external sources (hackers, competitors and so on). By establishing an information security and cyber security policy, the Banco Sumitomo Mitsui Brasileiro S.A. (“SMBCB”) aims to minimize its risks and show due diligence to its stakeholders.
The SMBCB places great importance upon ensuring that information security risks that may impact the business are being appropriately managed. Therefore, a formal risk management approach is used, which includes the identification, assessment, mitigation and monitoring of information security and cyber security risks.
Principles of Information Security
The SMBCB is committed to the proper handling of data, of customers and general public, which is based on the following principles:
Confidentiality: We ensure that access is made only by authorized persons and when necessary;
Availability: We ensure that authorized persons have access to information when necessary;
Integrity: We ensure the accuracy and completeness of the information and methods of its processing, as well as transparency in dealing with the public involved.
SMBCB’s Information Security Process
- Information asset management;
- Information Sensitivity Classifications & Labelling;
- Access Management;
- Risk Management;
- Information and Cyber security incident Detection and Response;
- Awareness in Information Security and Cyber Security;
- Physical security;
- System Development & Security in Application Systems; and
- Cyber Security
