Information Security

Technological capabilities strengthened and suited to protect individuals and institutions that relate to Klabin, considering the new ethical challenges arising from the development of artificial intelligence.

2030 Goal

KSDGs 2030

100% of direct and indirect employees included in the digital language necessary to accompany the cybersecurity culture, ensuring the protection of personal and Company data.

Total number of direct employees | 15,037 | 14,744
Total number of indirect employees | 2,304 | 1,596
Trained direct employees | 8,340 | 1,225
Trained indirect employees | 120 | 0
% of trained direct employees | 55% | 8%
% of trained indirect employees | 5% | 0

In 2020, we conducted several initiatives that support the fulfillment of this commitment, the main ones being:

Cybersecurity Primer and Cybersecurity Policy:
The Cybersecurity Policy and the Primer are Klabin’s official documents that guide employees on the posture, good practices and duties required to keep Klabin’s environment at a reduced risk of cyber attacks. All of their content was developed based on the framework of the ISO27001 and IEC62443 standards, focusing on the following main topics:
1 – Classification of Information
2 – Secrecy and Privacy
3 – Work Environment
4 – Internet Access
5 – Social Media
6 – Email and Communication APP
7 – Intellectual Property
8 – Access
9 – Backup
10 – Incident

Workshop on Cybersecurity and Privacy – LGPD:
With 1,993 participants, the content of the LGPD and Cybersecurity Workshop reflects all the initiatives that Klabin implemented in its environment and what we expect from the attitude of our employees, with tips for the corporate and personal world.

Cybersecurity video:
Launched in October 2020, the product introduces all 10 pillars of our cybersecurity program in just a few minutes:
1 – Social Engineering
2 – Spam and Phishing
3 – Information Leakage
4 – Personal information (LGPD)
5 – Two-Factor Authentication
6 – Password and Biometrics
7 – Wi-Fi networks
8 – External Access (remote work)
9 – Social Networks
10 – Legislation and penalties

Also in 2020, the Company launched a series of internal podcasts on various subjects, called Papo Embalado [Packaged Chit Chat]. In its fourth episode, the topic of Cybersecurity was presented with specialists from the Company.

  • 418-1

Complaints concerning breaches of customer privacy and losses of customer data

Klabin has an incident management process that addresses privacy issues, as well as a platform called Privacy Manager, which manages LGPD processes. The company also has a Complaints Channel, confidential and mediated by a third party. The Channel did not register complaints related to breaches of privacy and/or loss of customer data in 2020.

  • 103-1
  • 103-2
  • 103-3

Information Security Management

The topic of information security is broad, involving physical security, technological infrastructure, applications, processes, policies, awareness, organizational training and integration between IT and automation technology. Each of these items has its own risks, potential threats, applicable controls and security solutions that can minimize companies' level of exposure, with the purpose of guaranteeing security for their main assets: information and availability.

In 2020, Klabin’s strategic direction was to implement the ISO27001:2013 standard, Brazilian Civil Rights Framework for the Internet, LGPD, GDPR, CISP, NIST and IEC-62443 as guides and references for good practices. These support control initiatives that seek to reduce cybersecurity risks and to ensure the confidentiality, integrity, availability and authenticity of information, along with an integrated view of the administrative and industrial environment.

Throughout this journey, we strengthened the existing controls and implemented new controls that support the Framework developed to ensure the reduction of risks mapped in 2019, always carefully weighing the responsibilities of processes, people and technology.

We have made progress in adapting to the Brazilian General Data Protection Law and experienced important growth in Cybersecurity maturity.

In November 2020, the consultancy EY conducted an Assessment to score and analyze the maturity of Klabin’s Cybersecurity. The result coincided with the methodology created internally and directed the improvement opportunities to be implemented.