1. Introduction
FUTURUM CAPITAL GESTÃO DE ATIVOS LTDA. ("Futurum") understands that information security is everyone's responsibility, including its members — partners, directors, employees, collaborators, and administrators.
This policy aims to protect the company's confidential and privileged information, such as data about activities, investments, and assets, minimizing threats and ensuring the security of everyone, according to Futurum's risk profile and business model.
2. Access Controls and Physical Security
Futurum's facilities are protected by entry controls that ensure the safety of its members as well as the confidentiality, integrity, and availability of information.
3. Data and System Monitoring
The Compliance Director (or a designated person) is responsible for monitoring the use of data and systems to detect unauthorized access. This monitoring will be conducted by sampling and will include:
Access to websites, blogs, photologs, webmails, and emails (sent and received).
Phone calls made or received through Futurum's lines.
Access to the office, desktops, folders, and systems to verify adherence to access restriction rules.
Furthermore, the Compliance Director may take additional measures to ensure the effectiveness of security procedures.
4. Incident Management
Any suspicion of infection, unauthorized access, network compromise, or leakage of confidential information must be reported immediately to the Compliance Director. He will assess the situation and determine the need to notify:
Administration.
Regulatory agencies or public security.
Affected clients or investors.
5. Response to Security Incidents
The response to security incidents will be coordinated by the Compliance Director, following these criteria:
Incident assessment: Determine the type of occurrence (malware, intrusion, identity theft) and the extent of the damage.
Identification of affected systems: Disconnect or disable compromised systems.
Definition of roles and responsibilities: Assign tasks to the appropriate team.
Recovery and restoration: Assess the need to restore affected services.
Notification: Decide whether it is necessary to notify internal and external parties, such as clients and authorities.
Publication: Assess the need to disclose the incident to the market, according to regulations, to ensure transparency.
Financial responsibility: Define who will bear the losses after the investigation.
6. Monitoring and Access Control
The Compliance Department monitors security policies and applies sanctions in cases of violations. Access to Futurum's systems is restricted and defined by profiles, according to each member's role.
Annually, domain administrators must:
Verify the identities of users against human resources records.
Request re-certification of the user list.
Maintain records of all recertifications and control actions.
7. Insider Information
Futurum members must inform the Compliance Department immediately if they receive any unauthorized insider information, whether in their normal activities or from external sources.
Monthly, the Compliance Department will create a list of these situations and maintain a permanent file of all reported conflicts.
8. Combating Money Laundering
To prevent money laundering crimes, Futurum offers annual training to all members. This training addresses the prevention of the entry of illicit funds and the procedures for client registration ("know your client"). In case of doubts, the Compliance Department should be consulted.
9. Use of Removable Media
The use of removable media (such as CDs, DVDs, and USB drives) in the company's facilities is expressly prohibited to protect Futurum's information.
10. Policy Coordination
The Compliance Director is responsible for coordinating all activities related to this policy, including its review, testing, and training of members.
Heloísa Lourenço Ishii, Administrator
