1. In addition to their Information Security Policy and the global cyber security program, Western Union Corretora de Câmbio S.A. and Banco Western Union do Brasil S.A. (jointly, "WU Brazil") have established within their Cyber Security Policy ("Policy") a cyber defense guide to ensure that their services and the information in their environment and the environments of third parties is handled with the best applicable safeguarding measures against virtual attacks, information leaks, criminal organizations and accidents. The Policy sets out the main guidelines for implementing and maintaining a cyber security management process, ensuring that all proprietary information and/or information under their care is protected, maintaining its privacy, integrity, availability and confidentiality, while also preventing, detecting and reducing vulnerability to cyber incidents.
2. The Policy is the responsibility of WU Brazil's Information Security area (SIRT).
3. WU Brazil bases its security controls and processes on Western Union's global information security policies, standards and processes.
4. In accordance with the applicable resolution of the Brazilian National Monetary Council, on contracting services of data processing, data storage and cloud computing, WU Brazil ensures, through its Internal Policies and Procedures, that its procedures adhere to the rules provided for under current regulations.
5. Information security incident management provides a response plan for the incident scenarios considered in the Business Continuity and Disaster Recovery Plan. The plan ensures that incidents and their respective effects are identified, contained and dealt with, in line with the process and the global incident response policy.
6. The business continuity process is implemented through the Security Policy for Business Continuity and Disaster Recovery, the purpose of this being to reduce—to an acceptable level—the impact of critical incidents and the information asset losses therefrom, by means of critical process mapping, business impact analysis and periodic disaster recovery testing. This process includes business continuity for services being carried out on the cloud and planned testing for cyber attack scenarios.
7. Through the Cyber Security Awareness Program, WU Brazil has established periodic training and adherence tests for all WU Brazil employees.