Compliance and Conformity

    Commitment to the most rigorous standards of security, privacy and regulatory compliance

    At NESS, compliance is not just a legal obligation - it is a fundamental commitment to our clients, partners and society. We operate under the most rigorous standards of security, privacy and regulatory compliance.

    Our compliance program covers all areas of the organization, from software development to security operations, ensuring that your data is always protected and in compliance with applicable laws.

    Compliance Frameworks

    We adhere to the main security and privacy frameworks and standards recognized globally

    LGPD

    General Data Protection Law

    Full compliance with Law No. 13.709/2018, ensuring protection of personal data and privacy of data subjects.

    • DPO (Data Protection Officer) designated
    • Data processing activities mapped
    • Privacy policies updated
    • Consent management implemented
    • Handling of data subject rights requests

    ISO 27001

    Information Security

    Information security management following the international best practices of ISO/IEC 27001.

    • ISMS (Information Security Management System) implemented
    • Continuous risk assessment
    • Technical and organizational security controls
    • Regular internal audits
    • Documented security policy

    SOC 2 Type II

    Service Controls

    Audited operational controls for security, availability, processing integrity, confidentiality and privacy.

    • Annual independent audit
    • Strict access controls
    • Continuous security monitoring
    • Controlled change management
    • Regular security testing

    PCI DSS

    Card Data Security

    Compliance with payment card industry security standards when applicable.

    • Segmented and protected network
    • Data encryption in transit and at rest
    • Physical and logical access control
    • Regular monitoring and testing
    • Maintained security policies

    Regulatory Compliance

    We maintain compliance with the main applicable laws and regulations

    LGPD

    2020

    General Data Protection Law - Brazil

    Full Compliance

    Marco Civil da Internet

    2014

    Law No. 12.965/2014 - Rights and duties on the internet

    Full Compliance

    Lei Carolina Dieckmann

    2012

    Law No. 12.737/2012 - Cybercrimes

    Full Compliance

    GDPR

    2018

    General Data Protection Regulation - European Union

    Prepared for compliance

    Our Commitments

    Continuous practices that ensure the maintenance of our compliance standards

    Regular Audits

    We conduct internal and external audits periodically to ensure continuous compliance with all frameworks.

    Continuous Training

    Our team receives regular training on compliance, security and data protection.

    Complete Documentation

    We maintain comprehensive documentation of policies, procedures and security controls.

    Incident Response

    Established processes for detection, response and notification of security incidents.

    Risk Management

    Continuous assessment of security and privacy risks with mitigation plans.

    Transparency

    Clear and transparent communication with clients about security and privacy practices.

    Have Questions about Compliance?

    Contact us to learn more about our compliance programs and how we can help your company