Cybersecurity is a fundamental pillar of Klabin's strategy. We are committed to safeguarding the Company's operations and information, fostering a secure and resilient digital environment for employees, business partners, clients and shareholders.

 

To uphold this commitment, Klabin adopts ISO27001, the Brazilian Internet Civil Framework, the Brazilian Data Protection Law (LGPD), GDPR, CISP, NIST, and IEC-62443 as guiding standards and best practice references. This approach ensures the confidentiality, integrity, availability, and authenticity of information, while also providing an integrated view of both administrative and industrial environments.

 

Klabin’s approach to cybersecurity is structured around four key pillars:

 

>>> Confidentiality: Only authorized individuals have access to information;

 

>>> Availability: Information is accessible to duly authorized users whenever needed;

 

>>> Integrity: Data can only be modified through authorized means;

 

>>> Authenticity: Verification of the source of information, ensuring its reliability.

 

Cybersecurity governance is managed by a multidisciplinary committee including the Risks, Internal Controls, Internal Audit, Information Technology, and Industrial Automation areas, as well as business units. This structure provides an integrated and strategic view of cyber risks, supporting preventive, corrective, and educational actions.

 

Klabin also adopts a comprehensive approach to third-party cybersecurity and privacy management, ensuring that all suppliers and partners are aligned with its internal policies and regulatory compliance. Additionally, the Information Security department takes a proactive role in protecting the Company’s systems and safeguarding data integrity through internal commitments to ongoing actions and continuous system improvement, including:

 

• Use of layered technology solutions to mitigate risks;

 

• Ongoing monitoring of security threats and incident response;

 

• Compliance of industrial systems with manufacturer recommendations;

 

• Implementation and testing of business continuity plans;

 

•ﾠEvaluation of security requirements with suppliers and partners;

 

• Employee and third-party awareness initiatives, establishing individual responsibilities for information security among all employees;

 

• Support for secure development of software and technology projects;

 

• Responsible adoption of new technologies, including artificial intelligence;

 

• Compliance with internal policies and controls.