CEMSA

CEMSA SECURITY PROTOCOL

The purpose of this document is to present the security items and protocols adopted at CEMSA, ensuring the protection of sensitive data of clients and users of the platform and applications.

Protection of Sensitive Data:

All sensitive data is encrypted with the SSE-S3 method before being stored on our servers. SSE-S3 encrypts data at rest, so that even in the event of an attack or an attempt to access the servers without authorization, the data remains inaccessible and protected.

In addition, for data in transit, we use secure communication protocols (TLS/SSL) to encrypt all data transfers between the applications, the platform, and the servers. These practices ensure that sensitive information such as personal data, financial information, and trade secrets is protected against interception and unauthorized access during transmission.

All access to data is strictly controlled by access policies defined and managed by CEMSA, in accordance with the Lei Geral de Proteção de Dados (LGPD). This ensures that only authorized individuals, such as the person themselves or their doctor, have access to the information.

Daily backups are performed following server security rules to ensure data availability and integrity in case of failures or restoration needs, always maintaining encryption of this data.

Activities within cloud environments are continuously monitored by CEMSA, allowing the identification of abnormal usage patterns, unusual traffic spikes, or any suspicious activities that may indicate a potential security breach. This constant surveillance enables us to respond quickly to potential threats, mitigating risks before they can significantly impact our systems or sensitive data.

Cloud Services:

For access control to cloud services, we utilize Identity and Access Management (IAM), which is essential for securely managing who can access resources. IAM allows us to assign specific permissions to users, groups, and roles, ensuring that only authorized individuals or services have access.

Additionally, we have implemented an audit trail that meticulously records all activities conducted in our cloud environments. This trail not only monitors who did what, when, and where, but also plays a crucial role in detecting unauthorized activities and investigating security incidents. Audit logs are monitored by the project manager at CEMSA, ensuring the ongoing security of our services.

Server Operations:

All operations related to server management are exclusively conducted by the project manager at CEMSA, ensuring the confidentiality of data and reinforcing the security of shared information. The server holds an extensive set of compliance certifications, ensuring that all services provided meet the most stringent globally recognized security standards.

Operation via Apps:

All operations related to data input and message viewing require the user to be logged in and active in the system. No sensitive data is stored on the device running the application.

Operation via CEMSAWeb Platform:

All operations related to data input, message viewing, and report access require the user to be logged in and active in the system. If the platform is not actively used by the user for a certain period, the platform requires re-login. No sensitive data is stored on the device accessing the CEMSA platform, and users have the right to export their reports and keep them under their care after export in the desired format.

Incident Response:

According to the provisions of the Lei Geral de Proteção de Dados (LGPD), following any security breach on our servers, CEMSA customers are promptly notified of the incident, receiving full details about what occurred. In case of data loss or breach, a backup process is immediately initiated to ensure that the system is restored and fully operational within three hours.

Information:
Contact: ti@cemsa.com.br
