Warning
Work in Progress: This page is currently under construction. Content may be incomplete or subject to change. To contribute, see the contribution guide.
Compliance
Regulatory and framework obligations that affect how the Technology team builds and operates systems at Patria Investments.
Applicable regulations and frameworks
| Regulation / Framework | Applicability | Owner |
|---|---|---|
| LGPD | All systems processing personal data of Brazilian residents | DPO + Security team |
| CVM Instruction 558/2015 | Portfolio management and reporting systems | Compliance team |
| ANBIMA Code of Regulation | Distribution and investment advisory platforms | Compliance team |
| ISO 27001 (alignment) | Information security management baseline | Security team |
| SOC 2 Type II (roadmap) | SaaS services delivered to institutional clients | Security team |
Controls mapping
Security and privacy controls are mapped to requirements in a central register maintained by the Security & Compliance team. Access to this register can be requested via ServiceNow.
Audit & evidence
- Evidence for compliance audits is collected continuously via automated tooling where possible
- Manual evidence requests are coordinated by the Security & Compliance team
- Teams are expected to respond to evidence requests within 3 business days
Contact
Security & Compliance team — see Contacts