Information Security Policy

To maintain our excellent level of service as a strategic partner for our clients, the security of the personal information and data we hold is our utmost priority.

This commitment is embedded in our Information Security Policy, based on the following principles:

  • Personal information and data under our responsibility means information and data that is handled, stored physically or digitally, and processed in the IT systems and infrastructure at the locations our professionals use;
  • Irrespective of the position, role, area, or privileges granted to professionals, the privacy and security of personal information and data must be preserved. Professionals must always seek to:
    • Keep the information confidential, ensuring that it is only accessed when truly necessary and solely by authorized people;
    • Ensure the integrity, accuracy, and completeness of the information, as well as the methods used to process it; and
    • Ensure that the information is available to authorized people who depend on it.
  • Compliance with all legal obligations determined in applicable laws, in order to meet regulatory and contractual requirements relevant to our professionals’ activities;
  • Respect for Mattos Filho’s Code of Ethics and Conduct when processing personal information and data.

All of our people are responsible for ensuring the security of personal information and data under our responsibility. They must report any circumstance that may expose it to any risk so that we can continuously improve our security methods and procedures and our Information Security Management System (SGSI).



External information security policy – Supplementary documents


Information Management Policy
Outlines how the firm handles all aspects of the information cycle, including collection, content classification, sharing, storage, retention, and deletion.

Identity and Access Management Policy
Describes how the firm manages its employees’ and third parties’ physical and digital access to information, including facilities, system access, remote access, and more.

Cybersecurity Policy
Outlines how the firm manages equipment and communication channels to ensure information security resources are operating at optimal levels and are monitored in real time.

Information Security Policy – Supplier Relations
Describes how the firm handles risks associated with third parties that interact with Mattos Filho, including agreements and legal requirements.

Information Security Continuity Procedure
Outlines how the firm maintains its strategic and operational framework to respond to process-related disruptions.

Internal Data Protection Governance Policy
Outlines how the firm manages its data privacy program in relation to data subjects.

Audit and Compliance Policy
Describes how the firm manages its Security, Privacy, and Business Sustainability programs to ensure they comply with other Mattos Filho rules and policies.

ISO27001 Certification

We continue to invest in initiatives, training and improvements that bring us up to date with the best market practices for protecting data that is essential to our business and that of third parties. As a result of our efforts, we have been granted ISO27001 certification, an international standard that recognizes companies with stable and mature information security practices and processes.
