senhasegura is now Segura®!

Segura®: A Name You Can Trust

When it comes to security, Segura® goes above and beyond to meet the highest industry standards. We regularly invest in compliance with the most demanding and renowned regulatory requirements in the Information Security market.

Our commitment to data privacy can be seen in our certifications and compliance, including the SOC 2 Type II report, ISO 27001 certification, and LGPD check seal. We take pride in our adherence to major privacy regulations such as GDPR, CCPA, and LGPD.

Conformity

Our security, privacy, and compliance controls have successfully passed rigorous independent evaluations by both internal and external auditors, showing our commitment to helping you achieve your goals.

LGPD

Segura® has achieved the LGPD Check certification from the consultancy Privacy Guaranteed. This certification confirms adherence to the highest level of compliance with the LGPD. This certification follows an independent external audit, evaluating our implemented measures against the minimum legal and regulatory requirements and international information security frameworks.

GDPR

We comply with the world's most stringent data protection legislation. We are the first PAM solution to achieve certification through TrustArc's audit.

SOC 2 Type II

The SOC 2 Type II report, issued by an independent auditor, certifies that Segura® designs, implements, and operates in accordance with the AICPA's criteria for reliable service, availability, processing integrity, and confidentiality. This certification was obtained after a detailed audit of the Segura® 360º Privilege SaaS platform, evaluating both our system and the organization of our services.

SOC 3 Type II

The SOC 3 Type II report, issued by independent auditors, confirms that our company has comprehensive controls and processes in place to safeguard customer data. These controls span information security, risk management, regulatory compliance, and IT operations.

SOC 3 offers several advantages:

• Public Reporting: Simplifies sharing with leads and partners, with no restrictions;
• Enhanced Reliability: Boosts confidence in our services and data protection;
• Globally Recognized Standard: Demonstrates our commitment to top-tier information security practices.

By adding SOC 3 to SOC 2, we not only solidify our position as a leader in information security within the market, but also reaffirm our unwavering commitment to the highest standards of data protection and information security.

ESG Report

At Segura®, our purpose is to use technology to drive prosperity, guided by the value of Ubuntu: "I am because we are". This value permeates all business areas, demonstrating our dedication to community and collaboration. Our commitment to sustainability and transparency is evident in our environmental, social, and governance practices. These practices reflect our continuous commitment to our culture of customer focus, energy, joy, results, and change.

CVE Numbering Authority (CNA)

Segura® is part of a group of institutions qualified by the CVE® Program (Common Vulnerabilities and Exposures) to identify, attribute and publish software vulnerabilities. As a CNA (CVE Numbering Authority), Segura® can point out CVEs in its own products and also report cyber flaws and vulnerabilities found in third-party software, which means cooperating with the global community to strengthen cybersecurity in response to growing cyber threats.

Section 889 (a)(1)(B)

Section 889 (a)(1)(B) prohibits U.S. government agencies from contracting with organizations that utilize telecommunications equipment or services provided by certain companies identified as national security risks, including Huawei Technologies Company, ZTE Corporation, Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, and Dahua Technology Company. After a thorough and meticulous review, our company certifies that it does not use telecommunications equipment or services from the listed companies, nor incorporates any technology, system, or infrastructure dependent on these solutions.

ISO 27001:2022

Our Information Security Management System (ISMS) is certified by an independent audit, validating that Segura operates under the strictest international security standards. This certification demonstrates that all our policies, controls, and processes meet the requirements of the standard, ensuring that you can fully trust in the protection, confidentiality, integrity, and availability of your data when using our solution.

ISO 27701:2019

Expanding our commitment to protecting your privacy, we achieved ISO/IEC 27701:2019 certification through an independent audit, further strengthening Segura’s security posture. This certification confirms that our solutions are aligned with the highest international standards for privacy management, giving you peace of mind that your personal data is handled with maximum protection, transparency, and full compliance with major data protection regulations.

Legislation

We adhere to key privacy legislation and implement necessary measures to demonstrate our ongoing dedication to safeguarding the data of our customers, partners, and employees.

GDPR

The GDPR (General Data Protection Regulation) is a privacy legislation implemented by the European Union in May 2018. Its main objective is to protect the personal data of EU citizens, ensuring that companies handle this data transparently, securely, and legally.

GDPR grants individuals more control over their personal information and places stricter responsibilities on organizations that collect and process data, regardless of geographic location. The regulation includes rights such as access, rectification, erasure, and data portability, as well as heavy penalties for non-compliance.

CCPA

The CCPA (California Consumer Privacy Act) is a privacy law in the United States that took effect in January 2020. It gives Californians greater control over their personal data by allowing them to inquire about how companies collect and use their data.

Additionally, the CCPA gives consumers the right to opt out of sharing or selling their data and mandates that companies offer transparent information about their privacy practices. The law applies to businesses that meet specific size and activity requirements and imposes penalties for violations of consumer privacy.

LGPD

The General Data Protection Law (LGPD) is a Brazilian law that took effect in September 2020. Inspired by the European Union's GDPR, the LGPD is designed to protect the privacy and security of Brazilian citizens' personal data.

The law establishes principles and rights related to data processing and requires organizations to obtain consent from data subjects, be transparent about data processing, and implement appropriate security measures. Additionally, the LGPD grants individuals rights such as access, correction, deletion, and portability of their data.


Frequently Asked Questions

Find the answers you're looking for about compliance at Segura®.

How does Segura® protect its customers' data?
Segura® adopts a robust and multidisciplinary approach to protecting its customers' data, aligned with industry best practices and major regulations such as LGPD, GDPR, ISO 27001, and ISO 27701.

We implement strict technical and organizational measures, including:

🔐 Multi-factor authentication and access management for identity control.

🔒 Encryption of sensitive data.

🛠 System hardening based on frameworks such as NIST and CIS, reviewed periodically.

🧪 Penetration tests and continuous vulnerability management to identify and mitigate risks, with emphasis on our role as a member of the CVE (Common Vulnerabilities and Exposures) community, actively contributing to the responsible disclosure of vulnerabilities.

📦 DLP, DRP, and BCP policies reviewed annually to ensure data loss prevention, recovery, and business continuity.

🛡 Up-to-date antivirus solutions with appropriate protection policies.

🌐 Logical network segmentation, separating environments by function and sensitivity.

💾 Regularly tested backups.

🔥 Firewalls and monitoring systems with intrusion detection, automatic blocking, and real-time alerts.

📋 Security policies and procedures reviewed annually, with internal and external audits to ensure ongoing compliance.

In addition, our production environment operates with high availability and disaster recovery practices, ensuring both data integrity and service continuity.

Our commitment is to transparency, privacy, and the trust of every customer.

Which security and privacy regulations, standards, and certifications is Segura® compliant with?
● LGPD
● ISO 27001
● ISO 27701
● CCPA
● GDPR
● SOC 2 Type II
● SOC 3 Type II

What measures have been taken to meet privacy and security requirements?
Privacy Policies and Procedures:
We have established robust policies and procedures that comply with key data privacy regulations, including LGPD, GDPR, and CCPA. These guidelines ensure transparency, legality, and respect for data subjects' rights. Additionally, we offer a direct communication channel for data subjects to exercise their rights of access, rectification, and deletion as mandated by law.

Designation of Data Protection Officer (DPO) and Communication Channel:
We have appointed a Data Protection Officer (DPO) to oversee compliance with privacy and security regulations. The DPO acts as the focal point for data protection issues and coordinates compliance activities. We have established a specific channel for privacy and data protection issues to ensure effective responses to queries and requests from data subjects.

Risk Assessment and Treatment:
We have implemented a thorough risk assessment process that includes identifying, evaluating, and addressing information security risks. This enables us to recognize potential threats and implement measures to protect user data.

Access Control and Data Encryption:
We have implemented sophisticated access control mechanisms to comply with strict ISO and SOC standards, ensuring that only authorized users have access to personal data. In addition, we have adopted advanced encryption techniques to protect the confidentiality and integrity of information during storage and transmission, significantly reducing the risk of unauthorized access. These additional measures further strengthen our information security, ensuring effective protection of sensitive data.

Information Security Policies and Employee Awareness:
We have developed comprehensive information security policies based on internationally recognized principles, such as ISO and NIST, that cover several essential aspects of data protection.

Internal Training:
We carry out regular awareness and training activities for all employees to provide information on the best security practices and procedures.

Penetration Testing:
We regularly conduct thorough internal and external penetration tests to identify and address any potential vulnerabilities in our systems and networks. This ensures that our security infrastructure is strong and resilient. Any vulnerabilities discovered during testing are promptly patched to safeguard user data and enhance the organization's security.

Supplier Evaluation:
Before entering into partnerships with suppliers, we conduct a comprehensive assessment of their information security practices and ensure compliance with data protection laws. We verify that they adhere to high security and privacy standards to safeguard user data.

Continuous Monitoring:
We not only evaluate suppliers before establishing partnerships, but we also carry out continuous monitoring throughout the collaboration period. This allows us to ensure that providers maintain high security and privacy standards over time. Any deviations are promptly identified and addressed to mitigate any potential risk to users' data.

Does Segura® conduct regular audits to ensure the platform complies with applicable standards?
We adopt a rigorous auditing process involving renowned external companies, which conduct audits on Segura® multiple times a year and perform internal audits annually. This approach ensures we maintain the highest compliance, security, and privacy levels.

Does Segura® help its clients obtain compliance certifications?
Segura® helps its clients obtain various compliance certifications. Below are some of the certifications we can assist in achieving:
- ISO/IEC 27001: This international standard for information security management systems (ISMS) emphasizes the importance of controlling privileged access to protect sensitive information.
- PCI DSS (Payment Card Industry Data Security Standard): Requires strict controls over privileged access to protect payment card data.
- SOX (Sarbanes-Oxley Act): Regulation for public companies in the US that mandates robust controls over privileged access to ensure the integrity of financial information.
- HIPAA (Health Insurance Portability and Accountability Act): Requires stringent control over privileged access to protect health data in organizations in the US.
- NIST SP 800-53: A set of information security standards for US government systems that recommends managing privileged access as a critical security measure.

Implementing the senhasegura solution ensures that privileged access is adequately monitored and controlled.
For more information, you can consult our Whitepapers.

Is there a portal or tool to facilitate data subjects' requests and ensure compliance with these requests?
Segura® complies with data privacy regulations such as GDPR, CCPA, and LGPD. Additionally, we offer a portal where data subjects can request various actions related to their data. The portal is available in both PT-BR and EN-US.

Does Segura® conduct attack simulations and penetration tests to verify the effectiveness of security controls?
Segura® conducts attack simulations and penetration tests regularly to verify the effectiveness of its security controls. These pentests are carried out internally and externally several times a year, ensuring a thorough and impartial evaluation of our security.

How does Segura® keep its certifications updated and relevant?
Our Compliance department is continuously dedicated to analyzing the best certifications in the market, ensuring they remain relevant and aligned with the latest security practices. In addition to seeking and obtaining these certifications, we stay at the forefront of security. We conduct annual audits for each accreditation, ensuring we are always up-to-date and compliant with the most stringent standards.

What are the benefits of these certifications for Segura®'s clients?
Our certifications offer several benefits to Segura®'s clients, including:

- Reliability: They demonstrate our commitment to industry best practices, ensuring that senhasegura is reliable.
- Security: They guarantee that we implement rigorous measures to protect the environment, providing high security for our products and our company.
- Data Protection: They demonstrate our dedication to protecting data subjects' information, reinforcing our commitment to privacy and regulatory compliance, which are essential for ensuring digital sovereignty and user trust in our services.

These certifications testify to our ongoing commitment to excellence and security.
