Security FAQ
What authentication method does SoluCX use?
SoluCX uses and recommends SSO/SAML for authentication.
Does SoluCX encrypt your data?
Yes, both in transit, using the HTTPS protocol with an SSL certificate, and at rest in the databases.
Security, Compliance, and LGPD — SoluCX
This FAQ consolidates SoluCX’s main information security, compliance, governance, privacy, and LGPD practices. The goal is to address recurring requests from security, risk, legal, and procurement teams during vendor qualification and contracting.
What is the solution’s delivery, hosting, and architecture model?
SoluCX is a SaaS solution hosted on certified cloud infrastructure, built on a microservices architecture orchestrated with containers, using a hybrid multi-tenant model, logical data segregation per customer, and encryption at rest.
Is there a formal Information Security program?
Yes. SoluCX maintains a formal Information Security program aligned with international standards and best practices, with policies, processes, and technical and administrative controls focused on confidentiality, integrity, and availability of information.
How is access control to information ensured?
Access is protected via federated authentication (SSO via SAML), username and password, or token. There is granular permission control, role segregation, session management, configurable expiration, and protections against brute-force attacks.
Are data protected against unauthorized access?
Yes. Data are protected with encryption in transit (TLS) and at rest (AES-256 or higher), in addition to access controls and logical segregation per customer.
Does the solution have monitoring and audit mechanisms?
The solution has continuous monitoring and observability, with standardized logging, traceability of relevant security events, and ongoing tracking of availability, performance, and risks.
How are vulnerabilities and technical risks handled?
SoluCX performs continuous vulnerability scanning and secure code analysis (SAST), uses specialized tools, and conducts periodic penetration testing (Black Box and Grey Box), with remediation timelines defined according to severity.
Are there business continuity and disaster recovery plans?
Yes. The solution operates with high availability, automated backups, retention according to the contract, and periodic restoration tests.
Does SoluCX meet corporate compliance and governance requirements?
Yes. SoluCX is ISO 27001 certified and maintains formal policies for Information Security, Privacy and Data Protection, Vulnerability Management, Secure Development (DevSecOps), Change Management, Incident Response, Identity and Access, Logging, and Business Continuity.
How does SoluCX comply with the LGPD?
SoluCX acts as a Data Processor (Operadora), processing personal data according to instructions from the Customer Data Controller (Controlador). It does not process sensitive personal data, applies Privacy by Design, and maintains controls for retention, anonymization, pseudonymization, and definitive deletion of data at the end of the contract.
Are there physical information security controls?
Yes. SoluCX maintains a Physical Information Security Policy with controls for access to corporate environments and protection of workstations and equipment. The cloud infrastructure includes 24x7 surveillance, biometric access control, continuous monitoring, and independent audits.
What controls are applied to employees and contractors?
All personnel undergo periodic training on Information Security, Privacy, and LGPD, and sign Non-Disclosure Agreements (NDAs) and responsibility terms. When applicable, background checks are performed, always in compliance with applicable law.
How is third-party risk managed?
Vendors are used only for specific purposes according to each customer’s contract. SoluCX adopts security and compliance criteria for contracting and monitoring critical third parties.
Does SoluCX provide security and compliance evidence?
Yes. SoluCX can share policies, certificates, technical reports, and control evidence, subject to a prior NDA (Non-Disclosure Agreement).