SSN Updates Its Information Security Policy

Resolution 31/2023 of January 17, 2023, had approved the Superintendence of Insurance’s (SSN) Information Security Policy. This Policy had established the general goals, basic principles, and specific guidelines the entity had to adopt to guarantee information security.

On September 2, 2024, through Resolution 431/2024, the SSN’s Information Security Committee decided to repeal Resolution 31/2023 and approve a new and consolidated Information Security Policy. This new Policy incorporates specific rules aimed at safeguarding the confidentiality, integrity, and availability of information, as well as protecting technological resources and guaranteeing the SSN’s operations continuity.

 The specific policies the Resolution introduces include:

1. organizational policy
2. human resources policy
3. security incident management policy
4. access control policy
5. supplier relationship security policy
6. cryptography policy.

The Information Security Policy applies to all the entity, its resources, and all of its processes. Further, all individuals—both internal and external—must comply with it. This includes all those related with the SSN through contracts, agreements, accords, or other legal instruments.