
Ubiminds: Ensuring Data Security Compliance with LGPD, GDPR, CCPA, SOC-2, ISO 27001, and More

How is Ubiminds Prepared to Comply with the Most Relevant Data Security Legislation?

Aware of the need to ensure the sustainability and quality of the services it provides, and aligned with market demands and regulatory entities, Ubiminds is positioned to meet current data security demands, starting with the Brazilian standard, the LGPD.

LGPD

The General Personal Data Protection Law (LGPD), also known as Law No. 13,709/2018, is a Brazilian law that aims to protect the fundamental rights of freedom, privacy, and the free development of the individual’s personality. It was sanctioned on August 14, 2018, and came into force on May 25, 2021.

The LGPD applies to any person, natural or legal, under public or private law, who processes personal data in Brazil, including in the context of private relationships. This means that companies, public bodies, educational institutions, and any other organization that collects, stores, or uses individuals’ personal data must comply with the law.

In this sense, Ubiminds has implemented and maintains in its practices all LGPD requirements applicable to its operation. These include the Security Policy and Privacy Policy, which cover recurring training, legal guidance from its vendors, and access control to its candidate records, among others.

GDPR and CCPA

In addition to complying with the LGPD, Ubiminds is also aligned with Europe’s GDPR (General Data Protection Regulation) and the Californian CCPA (California Consumer Privacy Act) in terms of the objectives and provisions of these regulations.

Even though the geographic scope of these laws differs, Ubiminds is prepared to meet the specific requirements of both GDPR and CCPA as requested by our customers.

Among the other legislation and frameworks for information security and data processing, it is important to highlight those most relevant to the customers we usually serve.

SOC-2

The first is SOC-2, an acronym for Service Organization Control 2, a type of independent audit report that attests to the effectiveness of security, confidentiality and data availability controls in cloud information systems. It is developed by the AICPA (American Institute of Certified Public Accountants) and is based on the Server Trust Principles, which cover five areas: Security, Confidentiality, Availability, Processing Integrity, Communication Confidentiality, and Organization Management.

In this sense, Ubiminds is also prepared to meet the requirements of SOC-2 according to client needs, given that our professionals are governed not only by our policies but also by the policies of our clients, including SOC-2 compliance requirements when needed.

ISO 27001

ISO 27001 is an international standard for Information Security Management Systems (ISMS), published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The objective of the standard is to help organizations establish, implement, operate, monitor, critically analyze, maintain and improve an effective ISMS, protecting their information assets against unauthorized access, loss, destruction, alteration or improper treatment.

In the quest to help our customers achieve this level of security, Ubiminds positions itself as a provider of labor for software development and therefore neither owns nor manages or stores its customers’ data and information technology assets, since access to these assets is carried out remotely and controlled by our customers. In this way, we meet all the regulations and requirements that our customers request from us, thus ensuring compliance with ISO 27001 for each of them, as well as any other regulations.

FERPA

Another very important regulation is the Family Educational Rights and Privacy Act (FERPA), which is a United States federal law that protects students’ privacy regarding their educational records. The law applies to all schools and educational institutions that receive federal funds from the U.S. Department of Education.

This is a regulation that has numerous similarities with the LGPD, and Ubiminds is prepared to meet all the requirements that our customers may request for due compliance with FERPA.

AES-256

Finally, in addition to complying with various regulations, we need to be aware of the tools used to do so. Among these tools is AES-256 (Advanced Encryption Standard), a symmetric encryption algorithm that uses a 256-bit key to encrypt and decrypt data. It is considered one of the most secure encryption standards in the world and is widely used in various applications, such as cloud data storage, email protection, Wi-Fi security, data storage on mobile devices, and online data transfer.

Additional Information

Ubiminds currently has customers who use this and several other methods to guarantee the safe transit of data between their servers and the equipment that Ubiminders use, applying VPN configurations and other solutions installed on the machines we provide to our professionals. Our customers have full access to our equipment to apply these configurations and thus guarantee the security of their traffic.

It is evident that it would not be possible to discuss the state of the art of information security management in all its nuances and possibilities in just two or three pages of an article. Even so, Ubiminds attests that, whatever the regulation, protocol, and technique necessary for the good management of our customers’ data, adapting to these practices is a central point for us, and we will make this happen.

UBIMINDS

Update history
v1 May/2024