
São Paulo/SP – September 04, 2022. Information can be considered one of the most valuable assets for any company.

*By Henrique Dutra

In the age of connectivity, access to information has become a watershed, distinguishing and defining countless situations and behaviors. Today, information can be considered one of the most valuable assets for any company: the one that has it and knows how to handle it correctly gains not only an advantage over its competitors, but also the possibility of offering a personalized service, understanding trends, developing new technologies, and discovering and reinventing markets.

Organizations of all sizes and operating markets need information derived from collected data. A small neighborhood store that receives data from customers, suppliers, products or services can process that data and add value to its business, just like a multinational that collects an extensive volume of data and evaluates market information and trends to support decision making, add value to its brand and meet the needs of its customers. In a simple analogy, information and its correct use can be compared to a lighthouse that helps guide ships.

DATA VS. INFORMATION

Data can be telephone numbers, an address, a CPF, or some characteristic of a person, object or place. But data by itself needs to be treated, because data without context has no value for an organization. When data is treated and context is added to it, it becomes information that can be used to add value to the business.

To differentiate data from information, we will give an example of each. An organization keeps a spreadsheet fed with the sales data of the products it offers. The data shows that sales of all products in the period were R$ 1,000,000.00 (one million reais). However, this data alone does not say much about the organization's results; it is not possible, for example, to say whether it made a profit in this period. Using this data and knowing that the organization's sales target for the period was R$ 950,000.00 (nine hundred and fifty thousand reais), we conclude that the organization exceeded the target by R$ 50,000.00 (fifty thousand reais). Therefore, the data we have is the value in sales, and the information is that the organization closed the period with a profit.

INFORMATION SECURITY AND DATA PRIVACY:

Given this context, a constant concern is the security of the information used by companies, as well as the need for its protection and correct treatment throughout its life cycle, from data collection and processing to disposal. For this purpose, there are a number of frameworks and good market practices, such as the ISO/IEC 27000 family of standards, that support companies in structuring people, processes and technologies to ensure the correct treatment and protection of information.

A company that adheres to and is certified in the ISO 27001:2013 standard demonstrates to the market that it has a basis and knowledge for protecting information processing, since the standard aims to establish, implement, maintain and continuously improve the Information Security Management System (ISMS), seeking to preserve the confidentiality, integrity and availability of information by applying a risk management process and providing confidence to interested parties, whether internal or external.

Additionally, there is also a concern with the privacy of personal data that are used and processed by companies. Regulations have been published worldwide to protect personal data. In Brazil, the General Data Protection Law (Law 13.709/2018 – LGPD) was enacted with a view to regulating the processing of personal data provided in physical or digital media.

In addition to observing the requirements of the ISO 27001:2013 standard and other good market practices, ensuring compliance with the requirements of the LGPD is an important step that companies must take in order to protect the information and personal data processed in their day-to-day operations. In recent years, cases of data leakage have been increasing; cases such as the exposure of approximately 223 million CPFs, with data of living and deceased people, are examples of incidents that can bring sanctions, fines and interruption of an organization's operations. Complying with the legal aspects of the LGPD means minimizing significant risks to the business.

FINAL CONSIDERATIONS:

As mentioned before, keeping your operation controlled and following rules and laws aimed at information security and data privacy is a tool to leverage your business in a scalable, structured and consistent way, in addition to conveying credibility in the market and showing transparency and respect for customers. In a competitive market, being one step ahead and better prepared, with mapping and traceability of data and of the information generated from it, is a differentiator that can add value to the business and make the organization more reliable in the eyes of the public, since privacy and data treatment are issues that are gaining more and more space and importance.

However, non-compliance with these general aspects of the LGPD, for example, can bring losses to the organization: not only fines, sanctions or even stoppage of its operations, but also damage to its image, harming its results. There are also cases of large companies that had their operations paralyzed by attacks aimed at hijacking information.

— Henrique Dutra is a GRC and Information Security Trainee at [SAFEWAY]

How can we help?

SAFEWAY is an Information Security consulting company recognized by its clients for offering high value-added solutions through projects that fully meet the needs of the business. In 14 years of experience, we have accumulated several successful projects that have earned us credibility and prominence with our clients, who largely make up the 100 largest companies in Brazil.

Today, through 25 strategic partnerships with global manufacturers and our SOC, SAFEWAY is considered a one-stop shop with the best solutions in technology, processes and people. We have both the technical skills and the experience necessary to assist your company in structuring controls and preparing the environment for the implementation of an ISMS, SGS or SGCN and, consequently, certification of operations, services or companies to the ISO27001, ISO20000 or ISO22301 standards.

In order to support companies in this process of evaluation and adaptation to the requirements of the LGPD, [SAFEWAY] has in its portfolio of services the Cybersecurity Health Check, whose objective is to carry out a diagnosis of the cybersecurity, information security and data privacy implemented in your company, covering the pillars of Processes, People and Technology.

Through the Cybersecurity Health Check, risks associated with information security and privacy in internal processes and activities are identified, and existing and new controls are evaluated according to the size of your organization to increase the level of maturity and compliance, in accordance with good information security practices. If you would like more information, contact one of our experts!