General Information Security Policy

Introduction

Mconf's mission is to foster connections and expand business through technology. Among our core values, integrity stands out as a fundamental aspect, highlighting the importance of information security in ensuring the quality and reliability of our products and providing the best working environment for our employees and partners.

We recognize that handling data and information exposes us to various levels of risk as they traverse different communication, storage, and processing channels. Therefore, it is crucial to maintain good practices and standards in line with this General Information Security Policy to ensure adequate protection levels for this valuable resource, an indispensable part of our management system.

Purpose

This document aims to formalize the guidelines of Mconf's General Information Security Policy, intending to protect information assets safely and transparently through prevention, detection, and risk reduction. This approach aligns with the business needs, complexity, and size of the company.

Furthermore, this Policy is a strategic document establishing the concepts and guidelines to promote the secure use of information assets by all Mconf employees and partners. It requires implementing multidisciplinary solutions, adhering to applicable standards and regulations, and preserving the confidentiality, integrity, and availability of information for incident resolution and decision-making procedures.

Recipients

This Policy applies to all partners, directors, managers, administrators, employees, service providers, agents, subcontractors, and any other individuals or legal entities involved, directly or indirectly, in the daily activities and business of Mconf, including customers and users of products developed by Mconf.

Principles and guidelines

For this Policy, Mconf and its recipients will adhere to the best General Information Security practices, governed by the principles of diligence, confidentiality, adequacy, availability, authenticity, protection, and continuity, along with the following guidelines:

  • Confidentiality: Only authorized users, as designated by the information manager, should have access to the information, respecting segregation of duties.
  • Adequacy: Ensure that information remains unchanged from its creation to its use. Any changes, deletions, or additions must be authorized by Mconf information management.
  • Availability: Ensure that information is always available to its owner.
  • Authenticity: Guarantee the sender's identity, ensuring non-repudiation and that the sender cannot deny authorship of the message (irrevocability).
  • Combating Cyber Risks: Continuously and diligently map and scan for cyber attack risks.
  • Protection: Safeguard information against unauthorized access, modification, destruction, or disclosure.
  • Classification: Appropriately classify information based on confidentiality, integrity, and availability criteria.
  • Adequate and Secure Resources: Ensure that resources are used only for their intended purposes and that systems and information are adequately protected.
  • Compliance with Standards: Adhere to laws regulating Mconf's activities and its operating market.
  • Information Security: Select information security mechanisms by balancing risk factors, technology, and cost.
  • Continuity: Ensure the continuity of processing critical business information;
  • Incident Reporting: Immediately report any cybersecurity incidents or non-compliance with this Policy to the responsible parties.

Mconf's objective in information security management is to ensure systematic and effective management of all aspects related to information security, supporting business operations and minimizing risks and their potential impacts. To achieve this, the board, management, and other coordinators are committed to effective management and adopt all necessary measures to ensure that this Policy is communicated, understood, and followed at all levels of Mconf.

In addition to this General Information Security Policy document, complementary policies (both public and internal) and standards are systematically applied to ensure compliance with Mconf's confidentiality, integrity, and availability requirements. The company is also available to assist employees, partners, customers, and the general public in understanding and adapting to this Policy and other complementary policies and standards.

Equally important, Mconf is committed to maintaining high-quality service standards, building solid, mutually beneficial relationships with all stakeholders, and fostering innovation while ensuring compliance with this General Information Security Policy.

Rules and procedures

Mconf is dedicated to continuously improving cybersecurity procedures, always striving to comply with legal and regulatory standards. This commitment is guided by the principles, concepts, values, and practices outlined here, aiming to ensure the confidentiality, integrity, and availability of company data.

Roles and responsibilities

All recipients and Mconf are responsible for adopting and complying with the applicable guidelines, duties, controls, and practices in this Policy. They must ensure all ethical and legal standards are met by those they work with and promptly report any violations for appropriate action based on severity.

Updates and validity

This Policy is effective from the date of its publication and availability and will be reviewed and updated periodically, at least once every 12 months.

Last updated August 2024