Meet audit and regulatory

Set of security guidelines that must be followed by companies that take card data such as number, bearer’s name, validity and CVV having their certification normally required by payment processing companies, banks and financial institutions, card service providers and, suppliers of outsourced services.

Failure to comply with PCI DSS guidelines can result in fines, penalties and potential loss of customer confidence.

Global standard for data insurance handling, evaluates how a company compromises and implements internal controls around one or more of the reliable service criteria of the American Institute of Certified Public Accountants (AICPA) in relation to availability, security, integrity of processing, confidentiality and privacy.

SOC 2 evaluation is important for any organization involved in services that require data sharing, and may even become a competitive differential against competition.

Set of recommended guidelines, standards and practices developed by the National Institute of Standards and Technology (NIST) created to help organizations improve their cyber security and strengthen resilience against cyber threats.

The NIST CSF provides a comprehensive structure that allows organizations to identify, protect, detect, respond and recover from cyber security incidents. It is flexible and can be adapted to meet the specific needs of different sectors and sizes of organizations.

Set of cyber security guidelines also developed by the National Institute of Standards and Technology (NIST) of the United States aimed at organizations dealing with information controlled by the US Federal Government, but are also applied to organizations that wish to enhance their cyber security.

The SP 800-171 focuses on the protection of controlled information, which may include sensitive data not classified but still critical for national security. It establishes a series of cyber security controls that organizations must implement to properly protect this information.

In force since September 2020, LGPD is Brazilian law that regulates how organizations should deal with personal data. LGPD establishes rights and duties regarding the processing of personal information and seeks to protect the privacy and security of individual data.

The General Data Protection Regulation (GDPR) has been in force since 2018, has established comprehensive rules for the processing of personal data throughout the European Union and in the European Economic Space (EEE) being a set of rules on privacy valid for the entire Union European but also affects people in other parts of the world, including Brazil.

Center for Internet Security (CIS) critical security controls is a prescriptive and prioritized set of recommended cyber security practices and defensive actions that can help prevent the most dangerous and disseminated attacks, in addition to supporting compliance with various models of good safety practices.

A Cloud Control Matrix (CCM) structured in 17 domains that cover key aspects of cloud technology. It can be used to systematically evaluate a cloud implementation as well as provide guidance on which safety controls should be implemented by which actor within the cloud ecosystem.

Guide to good practices that provides a business and management vision for the governance and control of corporate IT, which demonstrates the central role of IT in creating value for the organization. Using CoBIT, we can carry out a comprehensive diagnosis of IT maturity, including the following domains: top management responsibilities, planning and organization, project and change management, operations and security management, process monitoring.

Reference Guide for Good Practices in TI qualified services management.
The recommended practices in ITIL are grouped in the categories: general management practices (IT governance); Service management practices (catalog, service level, availability, incidents, problems, configuration, etc.) and technical management practices (implementation, infrastructure, etc.).

Global information security standard for the automotive industry. It combines the former Information Security Rules of the German Verband der Automobilindustrie (VDA) with ISO/IEC 27001 Appendix A (Technical Controls) as well as some Privacy requirements.

IATF develops standards and guidelines related to cyber safety in the auto industry.
The IATF 16949: 2016 standard focuses on protection against cyber threats in automotive systems, aiming to ensure safety of vehicles and passengers and incorporate guidelines such as unauthorized access to vehicle control systems, detection and response to incidents of cyber safety and the guarantee that automotive supply chain suppliers also meet these requirements.

IATA is a global association that represents commercial airlines around the world founded in 1945 that acts as an international trade entity for the aviation industry and plays an important role in the regulation, safety and efficiency of global aviation.

Good cybersecurity model developed by the Hitrust organization (USA) in collaboration with health, technology and information security organizations, combining regulations and relevant market standards such as ISO, NIST, PCI, GDPR and others in a comprehensive and flexible model of security and privacy..

Model of good cybersecurity practices developed by the UK NCSC, based on security and resilience principles defined in terms of results, ie the definition of what needs to be achieved instead of a checklist of what needs to be done.

Motion Picture Association (MPA) global initiative for content security and television content security. TPN maintains MPA Content Security Best Practices and establishes a minimum standard of security preparation. It is applicable to all sector suppliers and partners.