Warning
Work in Progress: This page is currently under construction. Content may be incomplete or subject to change. To contribute, see the contribution guide.
Cybersecurity
Security strategy, policies, identity management, and compliance for Patria Investments’ Technology team.
Principles
- Zero Trust: the network perimeter grants no implicit trust; identity and authorisation are verified on every request
- Least privilege: users and services receive only the minimum access required, reviewed periodically
- Shift left: security requirements are addressed from the design phase, not after deployment
- Zero secrets in code: credentials are managed via Azure Key Vault or secure CI/CD variables — never committed to repositories
- Privacy by design: personal data is identified, mapped, and protected from the start of any initiative
Identity provider
All authentication is centralised on Microsoft Entra ID (Azure Active Directory). No local accounts or shadow IT credentials are permitted for production systems.
See Identity & Access Management for details.
Regulatory context
Patria Investments is subject to:
| Regulation | Scope |
|---|---|
| LGPD (Lei Geral de Proteção de Dados) | All systems processing personal data of Brazilian residents |
| CVM / ANBIMA regulations | Financial data handling and reporting |
| ISO 27001 (alignment) | Information security management baseline |
See Compliance for details.
Sections
- Identity & Access Management (IAM)
- Security Policies
- Compliance
- Vulnerability Management
- Security Awareness
Contacts
Owner: Security & Compliance team — see Contacts
To report a security incident, follow the Incident Response procedure.