Korn Traduções (“Korn” or “we”) cares about respecting and protecting your privacy.
This Privacy Policy (“Privacy Policy”) is applicable to all employees, service providers, partners, and clients and is intended to present the guidelines defined and applied by Korn in the processing of your personal information.
This Privacy Policy comprises and contemplates, among other things, every personal information collection and/or processing through several channels, such as websites, applications, social networks, sales and events, or processing of data provided by partners, clients, and service providers for the provision of services.
Our Privacy Policy is based on ethics and values followed by Korn and meets the Brazilian General Personal Data Protection Law (LGPD – Law no. 13.709/2018) and the Civil Rights Framework for the Internet (Law no. 12.965/2014), which set out the principles, guarantees, and duties for the use of the Internet in Brazil.
Please, read this Privacy Policy carefully to understand how and for what purpose your Personal Data may be collected by Korn. It is important that the Privacy Policy is interpreted jointly and in accordance with any other document, contract, or privacy clause that comes with it. Korn will act as the controller of your Personal Data; that is, it is incumbent upon us to make the decisions related to Personal Data Processing.
By selecting the acceptance field of the Privacy Policy, you declare that you accept and consent to the information provided herein.
“Personal Data” means information about an identified or identifiable individual. Examples of Personal Data include full name, occupation, identification document, address, email, telephone number, education degree, IP, geolocation, vehicle information, among others.
“Processing” means every operation performed with Personal Data, such as collection, production, reception, classification, utilization, access, reproduction, transmission, distribution, processing, filing, storage, elimination, assessment or control of information, modification, communication, transfer, diffusion, or extraction;
“Subject” is a natural person related to the Personal Data subject to Processing.
Depending on the type of Subject (employees, service providers, partners, or clients) and the manner said Subject interacts with Korn, several categories of information are collected, such as:
2.1. Purpose of the Personal Data Processing
The Processing of your Personal Data may be performed by Korn in several means upon your consent, where applicable, by legal, regulatory, or contractual obligation, or otherwise. Korn may request that you provide your consent in writing, or through any means that confirms it, whenever necessary.
Your Personal Data is collected for feasibility and/or improvement of the translation services for which Korn was engaged to provide, as well as for:
Korn collects Personal Data through online forms or physical means when you, for instance, enroll in an event, sends information to apply for a position or fills out a contact form on the website.
When you register or send information to Korn, we generally request data such as your name, email, telephone number, position and company. In addition, other personal information may be received through resumés sent by you when applying for a position, through third parties, such as the company you work for, or even from public sources.
When you access our website, we collect internet standard registration data and behavior standard. Korn executes this action to gather information such as the number of visitors to different parts of Korn’s website.
We use analytics tools that help us analyze the access and use of our website. The tool uses “cookies”, which are text files located in your computer, to collect information on standard internet registration and visitor’s behavior anonymously, always with the purpose of assessing the use of the website by visitors and compile statistical reports on the activity on Korn’s website. In case of interest in knowing more about cookies, including how to control them, see the website https://www.allaboutcookies.org/
Korn’s pages or services may also use other tracking technologies, including IP addresses, registration files, and web beacons, which also help us adapt Korn’s website to your personal needs.
Korn may store your Personal Data for the time needed to meet the purposes mentioned in this policy and applicable laws and regulations, as the case may be. For determination of the method and duration of the Processing of your Personal Data by Korn, the nature of your Personal Data provided to Korn and the purpose of the Processing will be considered. Once this purpose is met, your Personal Data will be deleted.
Certified translations, also known as sworn translations, are public documents and cannot be discarded. Certified translators must keep a copy of each translation made and record it in the Registry of Commerce of the state in which they are enrolled (Decree no. 13.609/43 and Resolution of the Registry of Commerce of each State).
The elimination of data and information, when necessary, will be made through established physical or electronic elimination procedures, subject to the existing legislation and in such manner as to eliminate all evidence and copies in possession of Korn.
Korn will not sell your Personal Data, but may share or transfer them to third parties, in Brazil or abroad, for meeting the purposes set out in this policy and any court orders or decisions by any other competent authority, according to the applicable legislation. Therefore, Korn may share with or transfer your Personal Data to third parties, within or outside Brazil, in the following events:
For cases not provided for above that call for Personal Data sharing, the express authorization (consent) will be requested from the Personal Data Subject through a notice with information on the sharing.
In all events, Korn undertakes to share only the Personal Data needed for the performance of the respective purpose or meeting the respective specific order, as the case may be.
By virtue of the Covid-19 contagion prevention and control measures, Korn and/or the building where it is located may also collect personal information from its employees, service providers, and visitors, such as health history in relation to Covid-19, information on the workplace and body temperature, among others.
The services provided by Korn require the support of a technological infrastructure that may be established outside Brazil, such as cloud servers and services, which may be owned or provided by third parties. In addition, for the performance of its activities, Korn may have to share your Personal Data with third parties outside Brazil.
In such events, Korn ensures that will only engage third parties that meet the highest security standards and apply at least the same level of Personal Data Protection provided for in the Brazilian Legislation.
Korn and the third parties with which your Personal Data may be shared follow the security standards required for prevention and remediation of unauthorized access to Personal Data, employing the applicable means and recommended security standards to protect it, to the extent technically and operationally feasible.
Korn may offer links for forwarding to third parties’ websites for purposes of improving your browsing experience, information, or service provision. Korn clarifies that this Privacy Policy does not apply to Personal Data provided by you to any companies, individuals and/or organizations other than Korn. Such natural or legal persons may adopt different policies related to privacy and information of Personal Data collected by them and processed in any other manner.
Korn recommends that you check the privacy policies of such persons and/or third parties’ websites prior to providing your Personal Data.
Korn respects your privacy and cares about providing the necessary channels to enable you to exercise your rights and receive proper, clear, and transparent information on the use and processing of your Personal Data. Therefore, any request to change incomplete, inaccurate, or outdated data and/or for exclusion of data provided to Korn, including Personal Data, should be done by email to [email protected].
The request will be analyzed, and, in case it does not entail interruption of the service provision by Korn or fits within one of the events of preservation of data, performed. Should it entail interruption of the service provision, your relationship with Korn will be terminated, but the obligations resulting from the provision will remain valid and, in such event, your information and Personal Data will remain being used and processed by Korn and/or authorized third parties until the need or purposes set out in this Policy are met.
Further to the change and exclusion of Personal Data, you may also exercise the following rights upon request to Korn by email to [email protected]:
For security purposes, Korn may request additional data or information to confirm the Subject’s identity and authenticity in case of requested exercise of such rights.
The Subject may contact the company through an email to privacidade@korntraduções.com.br.
If you wish to access, change, or delete your Personal Data provided to Korn or exercise any of your rights as Data Subject, contact us through email to [email protected]. We will take the required measures and/or reply to the email within a reasonable period, according to Korn’s technical and operational feasibility. Korn may also request you to update your Personal Data periodically.
If you disagree with this Privacy Policy, wish to delete any Personal Data processed by Korn or obtain clarifications on the application of this Privacy Policy and your rights, contact us by email to [email protected]. We will be happy to clarify any doubts and/or meet your request.
Lastly, if you received communication from Korn and did not intend to receive it, notify us through the link “Unsubscribe” or send an email to [email protected].
Korn’s purpose is to answer all requests above as soon as possible.
Korn is headquartered in São Paulo – Brazil. The contact information for Korn’s Data Protection Officer is:
Av. São Gabriel, 201, conj. 1403
São Paulo – São Paulo, 04532-080
All Personal Data processed by Korn will be in conformity with this Privacy Policy and the above-mentioned purposes.
Korn reserves the right to change this Privacy Policy in full or in part at any time. The date of the latest update will be inserted in the revised Policy, as indicated below.
Refer to this Privacy Policy periodically for any changes. The use of Korn’s website or provision of Personal Data through any other means presumes your consent to this Privacy Policy.
This Policy may be revised every two years or at any time, as needed or desired by Korn, according to the approval cycle of the involved areas and authorities. An updated version of this Policy will be made duly available on this page as soon as it is completed.
Korn Traduções, aiming to establish a lasting and trustworthy alliance with its clients, employees and vendors, and with the purpose of satisfying its clients’ needs with excellence, confidentiality, integrity and availability, is committed to protecting the information it owns used in providing its services.
The establishment of an Information Security and Privacy Management System is a commitment from Korn Traduções’ senior management whose focus is:
This Policy is endorsed and complemented by the Privacy Policy, the Code of Ethics and Conduct, the Confidentiality Agreements and the Employment Contract Addendum – Change from in-person work to partial or full-time remote work (Home Office).
This Policy applies to all employees and outsourced parties who are users of Korn Traduções resources and information.
The laws listed below correlate with the policy, guidelines and Information Security standards, but are not limited to them:
Korn’s Senior Management, together with the internal areas involved, is responsible for reviewing and keeping records of applicable legislation updated and carrying out adjustment actions, when applicable.
Other interested parties in Korn’s operational chain (clients, vendors, outsourced parties, legal entities/subcontractors, among others), according to their scope and applicability, must also comply with the legislation applicable to them.
– Penal Code and provides other provisions.
For the purposes of this Policy, the following terms and definitions apply:
DOCUMENTED INFORMATION
Normative Structure
The documents that make up the normative structure are divided into 5 categories:
All processes and templates are available on the Process Portal and the records are in the Korn Traduções documents repository. All documented information that demonstrates the execution of a process must have its storage controlled with a view to its prompt retrieval.
New documents or revisions must be submitted by the managers of the areas in question for approval by senior management before being made available, according to the Documented Information process, belonging to Quality.
Printed copies of the contents of the Korn Traduções Process Portal are not considered valid and are prohibited.
The documents forming part of the structure must be disclosed to all employees, interns, young apprentices and service providers of Korn Traduções upon their admission through the company’s official means of internal disclosure, in accordance with the Korn Traduções Communication Plan, and may be made available by the current HR management software, the Process Portal and the shared documents repository, so that their content can be consulted at any time.
Any change made to the Information Security and Privacy Policy must be passed on to the CEO or Executive Board for approval. After approval, the policy must be published, and employees must be trained.
Information Classification
It is necessary to classify all information owned by Korn Traduções or in its custody, in proportion to its value to the company.
Information that makes up the ISMS must be classified into:
Information relating to employees, the Financial Department of Korn Traduções and clients’ information (registration data and documents) are always considered restricted, with access granted only to people who need them to carry out their activities and provide the contracted service. To enable adequate control of information, the access levels described in General Infrastructure and IT Procedures must be used.
INFORMATION SECURITY GUIDELINES
The following are the guidelines for Korn Traduções‘ Information Security and Privacy Policy, which constitute the main pillars of the company’s information security management, guiding the preparation of standards and procedures.
The protection of information that belongs to Korn Traduções or is in its custody is defined as necessary, being a primary factor in the professional activities of each employee, intern, young apprentice or service provider of the company:
It should be noted that the situations provided for in this Policy are not exhaustive, and it is certain that others related to the use of equipment in the workplace or doubts regarding information security may occur.
Regarding these situations, not expressly provided for in this Policy and/or in other Policies and in our Code of Ethics and Conduct, Korn Traduções counts on the common sense of its employees and if any doubts remain, the IT and HR/People Management can always be contacted with questions via emails [email protected] and [email protected].
Assessment of Information Security Risks
Korn Traduções‘ ISMS management must take actions to identify and classify the company’s Information Security risks by mapping vulnerabilities, threats, impact and probability of occurrence, as well as adopting controls that mitigate these risks with those responsible by the assets to which the risks are associated.
Necessary Competencies for Information Security
Those directly responsible for managing the ISMS must have the necessary competencies to perform their duties appropriately at Korn Traduções, thus ensuring the success of the ISMS. The required competence must:
PHYSICAL ENVIRONMENT
Access to Korn Traduções‘ physical environment is controlled and monitored. Visitors and vendors must be restricted to the reception and the meeting room, when necessary, with access to other environments being restricted. The presence of a vendor in the restricted environment is required and must be accompanied by a Korn employee at all times.
Employees and vendors are not permitted to enter after hours, except when strictly necessary and with prior authorization from senior management, and outsourced parties must always be accompanied by a Korn Traduções employee.
All details regarding access control to Korn Traduções facilities, protection against external threats, alarms, utilities (electricity, water, air conditioning and others) are described in the General Infrastructure and IT Procedures.
Vendors
Contracts signed with vendors who may have access to confidential information and personal data must have information security and confidentiality clauses. The most relevant and critical vendors, in terms of information security, who work directly with Korn Traduções receive training in the guidelines established in this policy.
CLEAN DESK AND CLEAN SCREEN POLICY
All employees, interns and young apprentices who work on behalf of Korn Traduções must be aware of and practice the guidelines and guidelines contained in this policy and they must be respected both in activities within the Korn Traduções office and in home office activities, when relevant to this modality.
The purpose of this Clean Desk and Clean Screen Policy is to ensure that data and information, in both digital and physical formats, and assets, tangible and otherwise, are not left unprotected in the workplace during their use or when someone leaves their workplace, whether for a short period, during downtime (lunch, meetings, etc.) or at the end of the working day.
Employees, interns and young apprentices must:
Cases not foreseen or that are omitted in this policy must be forwarded to the IT department.
INFORMATION TRANSFER POLICY
MOBILE DEVICES’ USE POLICY
The purpose of this policy is to establish standards for the use of mobile devices to ensure Information Security and compliance with legislation.
A mobile device is understood as any electronic equipment with mobility functions, such as laptops, tablets and cell phones, owned by Korn Traduções or private individuals, in the case of cell phones used, with the approval of senior management, to carry out professional activities related to the company.
Only computers provided by Korn Traduções must be used by employees, interns and young apprentices, and no company employee is permitted to access data on personal computers. All data must be stored in the appropriate folders on the network drive. The IT department must periodically check all existing shares and ensure that data considered confidential or restricted has appropriate access control. If there is a need to use a virtual machine, for business continuity reasons, it can be accessed through a personal computer, when authorized by Korn Traduções‘ senior management and following the IT department guidelines.
Everyone at Korn Traduções must consider information as a company asset, one of the critical resources for carrying out business.
Information Privacy under company custody
It is necessary to protect the privacy of information that is in the custody of Korn Traduções, that is, that which belongs to its clients and which is manipulated or stored in the means over which Korn Traduções has full administrative, physical, logical and legal.
The directives below reflect the institutional values of Korn Traduções and reaffirm its commitment to the continuous improvement of this process:
Creation of Access and Email Accounts for Non-Employees
The creation of access and email accounts for people who are not Korn Traduções employees is not permitted, except for interns and young apprentices.
If outsourced parties need logical access credentials to systems or tools that depend on email for their correct functioning, the employee’s manager must justify the need and request approval from Senior Management. In these cases, the outsourced party’s access must be restricted to correspondence related to the performance of their functions within the company, during business hours and in accordance with Korn Traduções‘ policies.
Korn Traduções service providers must not be part of any Korn Traduções distribution list and/or public folders that may contain information intended for employees.
Access management
All types of systems that require logical access must have formal control from the release of access to its revocation.
The IT department will carry out periodic reviews of access, which can be carried out jointly with users. Employees, interns and young apprentices must always report any abnormality or access that is not necessary for their job.
Access revocation may occur in situations where an employee is terminated according to the termination flow, change of role, termination of a contract with a vendor or request.
Applications, servers, physical access and resources must have their clock synchronized so that it is possible to carry out a careful analysis of incidents or user operations and ensure non-repudiation.
The Internet is considered an essential means of searching for information and job productivity, therefore, its use at workstations is permitted under monitoring. Such monitoring must be capable of:
The rules regarding the use of the Internet determined in the Korn Traduções Code of Ethics and Conduct must be followed.
.
Considering that most of our employees work from home, the information and applications used by Korn Traduções are on cloud servers, with Firewall protection through VPN, implemented in software to cover all equipment used both internally, both in the office and externally.
At Korn Traduções’ physical office, access to the main or wired wireless network by visitors is not permitted. If there is a need for connection, access must only be made available to the Wireless network for visitors.
The network description is detailed in the General Infrastructure and IT Procedures.
The use of removable media (such as USB storage devices, external hard drives, etc.) is prohibited. If the use is strictly necessary for some activity, the employee must justify it to the responsible manager, who will evaluate the possibility, together with the IT department, of release following the premises and needs set out in this Policy.
The exchange of information with clients or vendors must be carried out through secure channels.
CRYPTOGRAPHIC CONTROLS’ USE POLICY
Procedures to ensure the confidentiality, integrity and availability of information through the activation of information security features and the configuration of a secure communication channel must be established and maintained by the IT department. These procedures must contain rules on the effective and appropriate use of cryptographic controls to protect information.
In order to guarantee the integrity and recovery of information, the implementation of cryptographic controls that are not approved or use outdated technology by the IT department is prohibited.
Backup Management
To guarantee the integrity of systems and data, the IT department is responsible for systems that perform security copies (Backup), which are defined in this Policy and in the General Infrastructure and IT Procedures, which guarantee that:
Intellectual property
All projects, creations, deliverables and innovations created and developed internally or procedures developed by any employee during the course of their employment are the property of Korn Traduções.
Use of electronic mail (email)
The electronic mail provided by Korn Traduções is an internal and external communication tool with professional content regarding the activities carried out by employees. Messages must not compromise the image of Korn Traduções and cannot be contrary to current legislation or ethical principles.
The use of electronic mail is personal and the user is responsible for all messages sent to their address.
Employees are informed that all emails exchanged on Korn computers they use may be tracked and verified.
It is strictly forbidden to send messages that:
The rules contained in the Korn Traduções Code of Ethics and Conduct must also be followed.
Suspicious emails received (such as suspected phishing, suspected viruses in a file, among others) must be made direct contact with a member of the IT team (Do not send emails to avoid spreading the virus) so that this can be done remote access and analyze the suspicious message.
If an email is sent improperly to a recipient, compromising the information security of Korn Traduções and/or its interested parties, immediate communication must be made to the email [email protected] so that necessary actions can be taken.
Access to personal emails via Korn Traduções‘ computer is not permitted.
The email service must observe the following:
Instant Messenger
Only the use of Google Chat via the Korn Traduções login is permitted for internal communication;
Skype is permitted for organizational use only;
Communication with clients and vendors via WhatsApp Business should preferably be done through the application installed on the computer. The use of WhatsApp Business, both web and app versions, is monitored by the IT department to monitor the Input and Output of files and can be blocked according to security guidelines in force at Korn Traduções.
The use of these applications on the Korn Traduções computer must be exclusively with internal Korn Traduções contacts or with external contacts (clients and vendors) when dealing with matters related to the company.
Other applications are forbidden and, if necessary, it is mandatory to contact the ISMC for validation.
Illegal software and copyright
Korn Traduções respects the copyright of software, not allowing the use of unlicensed software. The use of illegal software (without licensing) is strictly forbidden and users are not permitted to install them, and it is necessary to contact the IT department for any type of installation (even if it is software that only needs to be copied and executed).
Periodically, the IT department will inspect data on servers and/or users’ computers to ensure the correct application of this policy. If unauthorized software is found, it must be removed from computers. Those who install such unauthorized software on their work computers are responsible to Korn Traduções for any problems or losses caused as a result of such act.
The IT department maintains evidence of ownership of software use licenses and records of the proper use of the number of licenses ensuring intellectual property rights. This item is applied according to the Asset Inventory item of this Information Security Operational Policy and respective procedures.
Korn Traduções also does not copy all or parts of books, articles, reports or other documents, other than those permitted by copyright law and without due citation of applicable references.
Disciplinary actions may occur if this item is violated and will be applied by the ISMC in accordance with the Sanctions item of this Information Security Operational Policy.
Asset Inventory
Resources must be monitored for capacity and to meet the company’s growth or information. Critical points to be monitored, such as storage space, space for database growth, and the number of computers and software licenses.
Disposal, destruction and reuse of equipment and media
All media used in the operation of ISMS processes must be stored, reused and destroyed in a safe and protected manner, such as incineration, shredding or sanitizing data. Media disposal can be done through a specialized company.
You must ensure that all sensitive data and licensed software has been securely removed or written to:
Roles and responsibilities
It is the duty of everyone – employees, interns, young apprentices and service providers at Korn Traduções – to comply with the following obligations:
Employees, interns, apprentices and service providers
It is necessary to classify all information that is owned by Korn Traduções or that is in its custody, in a manner proportional to its value to the company, to enable adequate control of it:
Information Security Management Committee (ISMC)
The Information Security Management Committee (ISMC) is a multidisciplinary group that brings together representatives from different areas of Korn Traduções, appointed by Senior Management, with the aim of defining and supporting strategies necessary for the implementation and maintenance of the ISMS. ISMC meetings are quarterly, for planning and reviewing actions, and there may be extraordinary meetings, when there is a need for urgent deliberation.
The ISMC is responsible for:
Propose adjustments, improvements and modifications to the normative structure of the ISMS, submitting it to Senior Management for approval;
Directors and Managers
It is up to each manager and director to master all the business rules necessary to create, maintain and update security measures related to the information asset under their responsibility (team or business unit), whether it is owned by Korn Traduções or a client.
Managers and directors can delegate their authority over the information asset, however, the final responsibility for its protection remains theirs.
This role is responsible for:
Immediately report to the ISMC any cases of violation of the information security and privacy policy, standards or procedures and possible corrective actions that require the involvement of the ISMC.
Korn Traduções Senior Management is committed to the information security and privacy management system and must:
The analysis must be carried out immediately after carrying out the respective audits and adequate records must be made of these analyses carried out, as well as correction and improvement actions defined in the analyses.
Quality Management Area
The Quality Management Area is responsible for:
CONTINUOUS IMPROVEMENT
INTERNAL AUDIT
All information assets under the responsibility of Korn Traduções are subject to audit on dates and times determined by the ISMC. However, if practices that do not respect the guidelines of this Policy are observed, records of problems found may be made and corrective actions will be required.
The carrying out of an audit must be approved by Senior Management and, during its execution, the rights regarding the privacy of personal information must be protected, as long as it is not stored in a physical or logical environment owned by Korn Traduções or its clients in a way that mixes or prevents access to information owned by or under the responsibility of Korn Traduções.
In order to detect anomalous information processing activities and violations of information security policy, standards or procedures, the IT department may carry out proactive monitoring and control, maintaining the confidentiality of the process and the information obtained.
In both cases, the information obtained may serve as clues or evidence in administrative and/or legal proceedings.
Internal audits are planned with a focus on analyzing compliance with all processes related to the ISMS and the results of previous audits.
Internal audits must be carried out every year by internal or external auditors who are qualified and trained and have knowledge of the ISO 27001 standard and the LGPD. There must be independence, ensuring that auditors do not audit the processes in which they are involved.
External audits must be carried out to maintain the validity of the defined certifications.
Corrective action
When non-conformities are identified in the execution of processes or during internal or external audits, they must be recorded for analysis and processing.
All registered non-conformities must have the cause identified. Actions must be taken to eliminate these causes and the effectiveness of the actions must be verified, according to the Quality Non-Conformity process.
Contact with Authorities
Contacts with authorities are consolidated in the Korn Traduções Communications Plan.
The management of contacts with authorities is the responsibility of People Management, which must consolidate, communicate and publish in a known and accessible Korn Traduções repository the list of periodically updated contacts.
Critical Analysis of the ISMS
Korn Traduções must carry out a critical analysis of the ISMS at least once a year. Such analysis must have the direct participation of Senior Management and must consider:
1) non-conformities and corrective actions;
2) monitoring and measurement results;
3) results of internal or external audits of the ISMS; and
4) compliance with information security objectives;
The outputs of critical analyses should include decisions related to opportunities for continuous improvement and any need for changes to the information security management system.
Korn Traduções must maintain documented information as evidence of the results of critical analyses by Senior Management.
Critical analysis of Technical Compliance
Korn Traduções carries out verification and critical analysis of technical compliance considering:
Any non-compliance with this Policy or any suspicions or evidence must be reported to Korn Traduções via email at [email protected] or by correspondence to:
A/C DPO
Classification: CONFIDENTIAL
Address: Av. Nove de Julho, 3384 – conj. 64/65 – Jardim Paulista, São Paulo – SP, 01406-000
Violations and Sanctions
The following situations are considered violations of information security policy, standards or procedures, and this is not an exhaustive list:
Sanctions
Violation of the information security policy, standards or procedures or non-adherence to the Korn Traduções Information Security Policy is considered serious misconduct, and the sanctions contained in the Korn Traduções Code of Ethics and Conduct may be applied: formal warning, suspension, termination of the employment contract, other disciplinary action and/or civil or criminal proceedings. Sanctions defined by the ISMC may also occur, always respecting current legislation.
The penalties provided for in the Consolidation of Labor Laws – CLT will also be observed and applied.
The main purpose of this document is to set forth the practices and commitments of all service providers with regards Korn Traduções’ information assets, as well as to raise awareness among service providers about correct use of the resources provided.
This document also includes a definition of liability regarding the actions of service providers and related disciplinary actions.
1.1 Authors
The Korn Traduções Service Provider Information Security Policy, as well as any reviews and updates, is the responsibility of the Information Security Management Committee (ISMC).
Any questions regarding the application of this policy, or suggestions for improvements and amendments can be sent to members of the Information Security Management Committee (ISMC) at: [email protected].
1.2 Disclosure and Distribution
This information security policy for service providers must be an integral part of the service provision agreement for all Information Technology service providers to Korn Traduções.
By signing the service provision agreement, the service provider recognizes they are totally familiar with and agree to the guidelines set forth herein.
1.3 Version and Review
This Policy, as well as the Guidelines and General Responsibilities of Service Providers contained herein may be reviewed, and new version must be produced, ratified, disclosed and distributed in the following cases:
All service providers are aware of their responsibilities regarding information security in line with the GDPR and undertake to follow this Policy, as well as the documents below, thus signing the commitment regarding Korn Traduções information and guidelines:
The items below describe the security guidelines related to Korn Traduções service providers.
3.1 Intellectual Property
3.2 Internet access on Korn Traduções premises
3.3 Mobile Computing
3.4 Emails
3.5 Information Handling Logic
3.6 Information Storage Logic
3.7 Access to Korn systems or equipment (On site or remote)
3.8 Use of Passwords, applicable to IT service providers
3.9 Service Provider Staff
3.10 Physical Security
Any breach of the guidelines set forth in this policy is and information security incident and must be duly recorded and analyzed by the Korn Traduções Information Security Management Committee (ISMC).
Following analysis by the committee, disciplinary measures for the service provider will be decided on, pursuant to the legislation in effect, and which may include: