Integrated Management System Policy

  1. Introduction

Indigo Hive is a Brazilian company specialized in developing artificial intelligence-based solutions designed to increase efficiency and autonomy in large organizations. Through its proprietary platform – Cogfy – the company integrates data, automates processes, and delivers value via intelligent agents, copilots, and conversational interfaces.

Committed to innovation, security, and the reliability of its solutions, Indigo Hive is implementing an Integrated Management System (IMS) focused on information security, data privacy, and cloud service security. The IMS is being developed in compliance with ISO/IEC 27001, ISO/IEC 27701, and ISO/IEC 27017 standards, as well as applicable national legislation, including Brazil’s General Data Protection Law (LGPD – Law No. 13.709/2018).

The IMS supports the continuous improvement of internal processes, focusing on data protection, information integrity, and risk mitigation. It also contributes to the company’s alignment with best practices in governance, sustainability, and social responsibility, including ESG (Environmental, Social, and Governance) principles and cloud security.

  2. Objective

To establish the guidelines of the Integrated Management System (IMS) at Indigo Hive, with a focus on the implementation and continuous improvement of practices related to information security, data privacy, and cloud computing security.

The IMS aims to support compliance with applicable legal, regulatory, and contractual requirements, strengthen internal controls, mitigate risks, and foster trust in the solutions developed by the company. This policy also ensures coherence between organizational processes and the principles of transparency, innovation, accountability, and integrity that guide Indigo Hive’s operations.

  3. Scope

This policy applies to all operations, processes, functional areas, and resources involved in Indigo Hive’s activities. It covers employees, partners, suppliers, and service providers who, directly or indirectly, participate in the development, maintenance, support, or delivery of the company’s solutions.

The scope of the Integrated Management System (IMS) includes aspects related to information security, personal data privacy, and cloud security, as defined by ISO/IEC 27001, ISO/IEC 27701, and ISO/IEC 27017 standards.

  4. Terms and Definitions

  • AI (Artificial Intelligence): A field of technology that develops systems capable of performing tasks that typically require human intelligence, such as language interpretation, pattern recognition, and autonomous decision-making.

  • Cloud Environments: IT infrastructures and services provided remotely via the internet, used by Indigo Hive to operate and deliver AI-based solutions.

  • DPO (Data Protection Officer): The individual responsible for acting as a communication channel between the company, data subjects, and Brazil’s National Data Protection Authority (ANPD), ensuring LGPD compliance.

  • ESG (Environmental, Social, and Governance): A set of practices focused on environmental responsibility, social commitment, and ethical governance, which guide strategic actions at Indigo Hive.

  • ISO (International Organization for Standardization): An international body that develops technical standards, including those that govern Indigo Hive’s IMS (ISO/IEC 27001, ISO/IEC 27701, ISO/IEC 27017).

  • LGPD (General Data Protection Law): Law No. 13.709/2018, which regulates the processing of personal data in Brazil, establishing rights for data subjects and obligations for organizations.

  • Pentest (Penetration Test): Technical tests conducted to identify vulnerabilities in the company’s systems by simulating attacks to evaluate their security.

  • Cogfy Platform: Indigo Hive’s proprietary platform, composed of agents, copilots, and intelligent interfaces that integrate corporate data and optimize processes through AI.

  • IMS (Integrated Management System): A structured system for managing requirements related to information security (ISMS), data privacy (PIMS), and cloud security, based on ISO/IEC 27001, ISO/IEC 27701, and ISO/IEC 27017.

  • PIMS (Privacy Information Management System): A structure focused on personal data protection, in compliance with the LGPD and other applicable standards, ensuring the secure and ethical processing of information.

  • ISMS (Information Security Management System): A set of policies, processes, and controls implemented to ensure the confidentiality, integrity, and availability of the organization’s information.

  • Confidentiality and Data Protection Agreements: Documents that define the obligations and responsibilities of employees, partners, and service providers regarding the protection of information and data processed by Indigo Hive.

  5. Roles and Responsibilities

The responsibilities related to Indigo Hive’s Integrated Management System (IMS) are described in complementary documents such as the Code of Conduct, Confidentiality Agreements, and other internal policies and standards. In general, responsibilities are distributed as follows:

  • Top Management:
    Defines the strategic vision for the IMS, ensures the allocation of necessary resources, and demonstrates commitment to information security, privacy, compliance, and organizational responsibility.

  • IMS Committee:
    A multidisciplinary body responsible for monitoring IMS implementation and performance, promoting periodic reviews, identifying improvement opportunities, and ensuring alignment with ISO/IEC standards and applicable legislation.

  • Employees:
    Must understand and comply with IMS guidelines, participate in mandatory training, perform their activities diligently, and report any risks, non-conformities, or security incidents.

  • Partners, Contractors, and Suppliers:
    Must deliver services in accordance with IMS requirements, adhering to the same standards of security, confidentiality, and compliance required internally, and maintain effective communication.

  • Other Stakeholders:
    Contribute to the continuous improvement of the IMS through interactions, feedback, and partnerships, and are expected to act ethically and in line with Indigo Hive’s values.

  6. Guidelines

The following guidelines reflect Indigo Hive’s commitment to information security, data privacy, cloud protection, and compliance with applicable laws and standards. They guide all organizational activities and promote a culture of responsibility, innovation, and continuous improvement:

  • Place the client and other stakeholders at the center of decision-making, continuously improving services and solutions to ensure security, efficiency, and reliability;

  • Promote continuous improvement of the Integrated Management System (IMS) by adopting best practices in information security, data privacy, and cloud security, in alignment with ISO/IEC 27001, ISO/IEC 27701, and ISO/IEC 27017;

  • Ensure compliance with legal, regulatory, and contractual obligations, especially regarding the LGPD and other data protection legislation;

  • Implement and maintain effective controls to ensure the confidentiality, integrity, availability, and resilience of the information handled by the organization;

  • Protect the privacy of client, employee, and partner data, respecting ethical principles and the rights of data subjects, and adopting technical and administrative measures compatible with identified risks;

  • Select, qualify, and monitor suppliers and service providers based on security, privacy, and compliance criteria, ensuring operational continuity and integrity;

  • Foster a culture of information security and data protection through training, ongoing awareness, and employee engagement;

  • Allocate adequate human, technological, and financial resources to maintain and evolve the IMS, ensuring its alignment with the organization’s strategic needs.

  7. Violations and Sanctions

The principles and guidelines set out in this policy have the full support of Indigo Hive’s Top Management and apply to all components of the Integrated Management System (IMS), including information security, data privacy, and cloud security.

All employees, service providers, partners, and suppliers must strictly adhere to the guidelines described here and in complementary IMS documents in the course of their duties and activities.

Lack of knowledge of these guidelines or internal policies will not be accepted as a justification for non-compliance. A formal procedure must exist to handle infractions, violations, or incidents related to the IMS, including investigation, documentation, and appropriate treatment based on the severity of the situation.

Sanctions for non-compliance with IMS guidelines include, but are not limited to:

  • Verbal or written warning – for minor or easily corrected issues;

  • Mandatory additional training – when the infraction results from lack of awareness or misunderstanding of internal policies;

  • Temporary suspension of access or activities – in cases of recurrence or breaches that compromise information security or compliance;

  • Dismissal or contract termination – for severe violations such as misuse of data, negligence with information assets, data leaks, or intentional disregard of standards;

  • Legal action and/or notification to authorities – when there is evidence of unlawful conduct, fraud, breach of confidentiality, or any civil or criminal offense.

For third parties or service providers, non-compliance with the established guidelines may lead to immediate contract termination and potential civil, administrative, or criminal liability, as applicable under the law.

It is the responsibility of all individuals to promptly and securely report any conduct that violates the IMS policies or may compromise the company’s information security and privacy. Failing to report a known violation may be considered complicity and subject to the same penalties as the offender.

Sanctions will always be applied proportionally, fairly, and transparently, with the goal of preserving IMS integrity and promoting a culture of compliance and organizational responsibility.

  8. Validity and Review

This policy takes effect on the date of its publication and will remain in force until reviewed or replaced. The policy will be reviewed periodically or whenever significant changes occur in activities, processes, legislation, or applicable IMS standards.

Responsibility for reviewing and updating the policy lies with the IMS Committee, which will ensure continuous alignment with best practices and legal and normative requirements. Any changes will be duly communicated to all relevant stakeholders.

Revision 00. Date: 07/19/2024




Unlock the future

Brazil

578 Rua Haddock Lobo, 4th Floor

Cerqueira César - São Paulo

3200 Av Faria Lima, 3rd Floor

Itaim Bibi - São Paulo

United Arab Emirates

Sheik Zayed Rd
Jumeirah Emirates Towers

42nd Floor - Dubai

© 2024 Indigo Hive. All Rights Reserved.
