It is responsible for defending and anticipating attacks, as well as for the security of the organization's entire operational infrastructure. Its functions include risk mapping, containment and response to incidents, and operational security.
It seeks to actively find vulnerabilities in the application that can be exploited for malicious purposes. This team uses attack techniques with authorization from the organization and maps the weaknesses to be corrected.
Governance Security (White Team)
Maintains the security standards required by external and internal auditors and business policies and requirements. This is a team that organizes, plans and monitors the progress of other teams. The White Team promotes training, courses and tests for employees, as well as defining rules of engagement.
Application Security (Orange Team)
Team responsible for training and evaluating developers in the creation and maintenance of secure code. Its goal is to keep Atlas professionals up to date on developing cybersecurity best practices.
Certifications held by Atlas and its servers
- ISO 27001, 27701, 27017, 27018
- ISO 22301, 20000 and 9001
- SSAE16, SOC I, II and III
- CSA STAR Gold level
A company 100% committed to compliance and integrity
Compliance is a powerful instrument to enforce ethics, through which limits are respected and the sustainability and perpetuity of the organization is sought. Therefore, Atlas has a Risk and Compliance team dedicated to managing controls to ensure the organization's compliance with applicable laws, standards, policies and codes. This area operates aiming at compliance, integrity and risk prevention.
The three lines of defense in risk management
The Compliance and Risk Management structure acts to ensure that the Company's processes, operations and decisions are carried out in accordance with legal principles, the mission and values of the company, transparency and effectiveness in resolving conflicts and irregularities, always in partnership with other areas of the organization. To achieve its compliance, integrity and prevention objectives, Compliance uses the strategy of the three lines of defense, defining in each one the roles and responsibilities for risk prevention and management.
First line of defense
In the first line, employees with specific technical knowledge are responsible for executing procedures and for identifying and monitoring risks, surveying indicators and implementing measures to mitigate those risks. Here are the primary 'responsible' parties for the risks, since it is on this front that the first barriers to the materialization of risks of the most varied natures must be found.
Second line of defense
This second instance is represented by the Risk and Compliance area, which establishes the methodology, tools, controls and guidance, aiming at the effectiveness of the first line of defense. Here, the controls, prioritizations and measures implemented in the first line of defense are supervised.
Third line of defense
The last line is the internal audit, which investigates how the governance structure supports risk mitigation and how efficient the internal controls are, identifying the optimizations to be implemented for the continuous improvement of the compliance program. The third line, therefore, is where assessments are carried out with a greater level of independence and objectivity to ascertain failures and vulnerabilities in processes and operations.