Version: 2 Valid from: 19/11/2025
This document constitutes a formal statement from Docspider Software regarding its commitment to information security, establishing the Information Security Management System (SGSI). All objectives defined by the SGSI must be met by all of its employees, service providers, and business partners in carrying out their processes.
1. Ensure Basic Principles: Ensure the availability, confidentiality, and integrity of our processes, aligning them with the strategic objectives of the business.
2. Adopt Best Practices: Promote the continuous implementation of information security best practices, in accordance with applicable laws, standards, and guidelines.
3. Security Culture: Foster secure behavior among employees and partners, integrating information security principles into our products and services.
4. Customer Data Protection: Apply strict controls when handling data, upholding information security principles to safeguard our customers' data.
5. Secure System Development: Incorporate information security from the design of systems, ensuring that security aspects are integrated throughout the development lifecycle.
6. Protection Against External Threats: Develop solutions that protect our systems and information from external threats, ensuring that employees and partners operate in a secure environment.
7. Response to Technological Crises: Act swiftly and effectively when facing technological crises, minimizing impacts on information security principles.
8. Continuous Improvement: Continuously review and improve assets and the information security management system, following best governance practices.
9. Access Management: Ensure and monitor that information is accessible only to authorized persons, protecting against unauthorized access.
10. Integrity and Accuracy: Maintain the accuracy and completeness of information and processing methods, preventing the loss or alteration of critical data.
11. Information Availability: Ensure that information remains accessible and usable whenever necessary, guaranteeing operational continuity.
12. Risk Management: Continuously identify, assess, and mitigate information security risks through a proactive approach to threat management.
13. Regulatory Compliance: Ensure that all operations comply with relevant laws, regulations, and contractual obligations.
14. Training and Awareness: Provide ongoing training to employees on secure practices and information security policies, strengthening the organization’s security culture.
15. Incident Response: Implement and maintain effective processes for responding to security incidents, minimizing impact and rapidly restoring normal operations.
16. Review and Monitoring: Conduct regular reviews and monitoring of the information security management system, identifying opportunities for improvement.
17. Protection Against Internal and External Threats: Develop and implement measures that protect the organization against attacks and failures, whether internal or external.
18. Business Continuity: Establish and maintain processes to ensure the continuity of operations in the event of failures or incidents, minimizing disruptions.
