Security

Security is a value lived daily in Atlas

Security is one of the values that make up Atlas' organizational culture. This means that the integrity and confidentiality of your information is one of the daily priorities of all our employees. Every decision made takes that into consideration.

Segurança é um valor vivido diariamente na Atla

Large companies choose Atlas platforms

Atlas meets the highest information security requirements

The Security team uses the main frameworks of cybersecurity, with CIS Controls, which in addition to being known by the high criteria, is adopted by the largest financial organizations in the world. The team is divided into several initiatives aimed at raising awareness of employees and customers, mitigating risks, protecting information, measuring maturity and defining a strategic cybersecurity plan.

Blue Team

It is responsible for defending and anticipating attacks, as well as for the security of the organization's entire operational infrastructure. Its functions include risk mapping, containment and response to incidents, and operational security.

Red Team

It seeks to actively find vulnerabilities in the application that can be exploited for malicious purposes. This team uses attack techniques with authorization from the organization and maps the weaknesses to be corrected.

Governance Security (White Team)

Maintains the security standards required by external and internal auditors and business policies and requirements. This is a team that organizes, plans and monitors the progress of other teams. The White Team promotes training, courses and tests for employees, as well as defining rules of engagement.

Application Security (Orange Team)

Team responsible for training and evaluating developers in the creation and maintenance of secure code. Its goal is to keep Atlas professionals up to date on developing cybersecurity best practices.

Atlas certifications and their servers

ISO 27.001, 27.701, 27.017, 27.018
ISO 22,301, 20,000 and 9,001
SSAE16, SOC I, II e III
CSA STAR Gold level

A company 100% committed to compliance and integrity

Compliance is a powerful instrument to enforce ethics, through which limits are respected and the sustainability and perpetuity of the organization is sought. Therefore, Atlas has a Risk and Compliance team dedicated to managing controls to ensure the organization's compliance with applicable laws, standards, policies and codes. This area operates aiming at compliance, integrity and risk prevention.

The three lines of defense in risk management

The Compliance and Risk Management structure acts to ensure that the Company's processes, operations and decisions are carried out in accordance with legal principles, mission and values of the company, transparency and effectiveness in resolving conflicts and irregularities, and always in partnership with other Areas of the organization. To achieve compliance, integrity and prevention objectives, Compliance uses the strategy of the three lines of defense, defining, in each one, roles and responsibilities for risk prevention and management.

01

First line of defense

In the first line, employees with specific technical knowledge are responsible for the execution of procedures, identification and monitoring of risks, with the survey of indicators and implementation of measures to mitigate risks. Here here are the primary responsible the primary 'responsible' for the risks, since it is on this front that the first barriers to the materialization of risks of the most varied natures must be found.

02

Second line of defense

This second instance is represented by the area of risk and Compliance, which establishes the methodology, tools, controls and orientation, aiming at the effectiveness of the first line of defense of this method.  Here are supervised the controls, prioritizations and measures implemented in the first line of defense.

03

Third line of defense

The last line is the internal audit, which investigates the support of risk mitigation by the structure of governance and the efficiency of internal controls, identifying the optimizations to be implemented for the continuous improvement of the compliance program. The third line, therefore, is where assessments are carried out with a greater level of independence and objectivity to ascertain failures and vulnerabilities in processes and operations.

You didn't find what you were looking for?

Send a message