|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Abstract]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk management and strategy
to ensure information systems security, by defining roles and responsibilities within the governance structure adopted by Ultrapar.
Ultrapar’s processes for assessing, identifying, and managing material risks from cybersecurity threats are the responsibility of our information security department, comprised of IT specialists who proactively search for vulnerabilities in our systems and monitor and act on threats and breaches identified.
We have implemented security measures to protect our databases and prevent cyberattacks, thereby reducing risks of exposure to data breaches and IT security incidents, and we have adopted various actions aiming to minimize potential technology disruptions, such as tools, controls and procedures in the management and monitoring of internal and perimeter security, periodic analysis of vulnerabilities, an information security and cybersecurity awareness program, contingency plans for critical processes, a secondary environment for physical disaster recovery and respective periodic tests, tools for continuous monitoring and correlation of events, a dedicated team responsible for maintaining and continuously improving the information security management system, incident response plans and other best practices and tools.
to conduct cybersecurity trainings, phishing and penetration tests, and evaluations on our information security systems, among other services related to our cybersecurity risk assessment programs. We also hired third-party SOC (Security Operations Center) and SIEM (Security Information and Event Management) tools to constantly monitor our systems, tracking incidents and potential vulnerabilities. Ultrapar is also ISO 27001 certified since 2022.
Furthermore, with the assistance of third-party specialized companies, Ultrapar has developed and employs several tools to support management in the event of any cybersecurity incident. These tools assist the Company in identifying its critical processes, systems and resources, whose correction should be prioritized in case of unavailability or failure, and in devising a formalized and
Previous cybersecurity incidents. On January 11, 2021, an unauthorized party disrupted access to our IT systems, which caused a temporary interruption to our operations and resulted in the theft of certain proprietary data. On January 14, 2021, we began restoring the systems that were affected by this incident and all critical information systems have been fully operational since February 2021. The event did not have any material and lasting impacts on the Company.
The Company had, at the time, a cyber insurance policy in place, which was triggered by the event. For information on risks from cybersecurity threats, see “Item 3.D. Key information—Risk factors—Information technology failures, including those that affect the privacy and security of personal data, as a result of cyber-attacks or other causes, could adversely affect our businesses and the market price of our shares and ADSs.”
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|to ensure information systems security, by defining roles and responsibilities within the governance structure adopted by Ultrapar.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Governance
The Information Security Management Committee reports to the Information Security Steering Committee.
The main roles and their respective responsibilities in maintaining and continuously improving security in the information technology systems of Ultrapar are described below:
As of December 31, 2024, Ultrapar’s Information Security Steering Committee was composed of four members, whose relevant expertise for assessing and managing risks relating to cybersecurity are described below:
Ultrapar’s Management and Control Officer. Our Management and Control Officer joined Ultrapar in May 2024 as the Financial Planning and Investor Relations Director. He has served as the Chief Financial and Investor Relations Officer of Eurofarma from 2020 to 2024 and of Delta Energia from 2019 to 2020. He holds a bachelor’s degree in business administration and international trade from the University of Taubaté, and MBAs from the University of Laverne, Administration Institute Foundation and University of Taubaté, focusing on finance, business, innovation and project management.
Ultrapar’s Risks, Integrity and Audit Officer. Our Risks, Integrity and Audit Officer joined Ultrapar in 2017 as the Compliance Manager and has been the Director of Risks, Integrity and Audit since 2021. She has served as Vale’s Compliance, Forensic and Audit Manager from 2015 to 2017 and Votorantim Cimentos’s Global Compliance Manager from 2014 to 2015. She graduated in law from the Pontifical Catholic University of São Paulo and has executive education in corporate governance and compliance from Insper.
Ultrapar’s Legal Officer. Our Legal Officer joined Ultrapar in 2023. She has served the legal department of BRMalls from 2011 to 2023, being its Legal Director from 2018 to 2023 and its Data Protection Officer from 2020 to 2023. She graduated in law from the Pontificial Catholic University of Rio de Janeiro, holds a master degree in corporate law and capital markets from Ibmec and has executive education on privacy and data protection from Insper.
Ultrapar’s Information Security Manager. Our Information Security Manager joined Ultrapar in 2009 as an IT analyst and has been the Information Security Manager since 2022, being responsible for the assessment, mitigation and correction of information security risks at the Company. He also has experience in IT Governance, Identity and Access Management (IAM), data protection management with respect to cybersecurity incidents, as well as extensive knowledge in network infrastructure, servers, user authentication, virtualization and storage. He graduated in information technology from the Paulista University and holds an MBA in cybersecurity forensics, ethical hacking and DevSecOps from the Paulista College of Informatics and Administration.
For more information about our overall risk management processes, strategy and governance, see “Item 4.B. Information on the Company—Business overview.”
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|In addition to the overall governance structure applicable to all risks monitored by Ultrapar, there are two support committees focused on matters related to information systems security: the Information Security Steering Committee and the Information Security Management Committee.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Information Security Management Committee reports to the Information Security Steering Committee.
|Cybersecurity Risk Role of Management [Text Block]
|
The main roles and their respective responsibilities in maintaining and continuously improving security in the information technology systems of Ultrapar are described below:
As of December 31, 2024, Ultrapar’s Information Security Steering Committee was composed of four members, whose relevant expertise for assessing and managing risks relating to cybersecurity are described below:
Ultrapar’s Management and Control Officer. Our Management and Control Officer joined Ultrapar in May 2024 as the Financial Planning and Investor Relations Director. He has served as the Chief Financial and Investor Relations Officer of Eurofarma from 2020 to 2024 and of Delta Energia from 2019 to 2020. He holds a bachelor’s degree in business administration and international trade from the University of Taubaté, and MBAs from the University of Laverne, Administration Institute Foundation and University of Taubaté, focusing on finance, business, innovation and project management.
Ultrapar’s Risks, Integrity and Audit Officer. Our Risks, Integrity and Audit Officer joined Ultrapar in 2017 as the Compliance Manager and has been the Director of Risks, Integrity and Audit since 2021. She has served as Vale’s Compliance, Forensic and Audit Manager from 2015 to 2017 and Votorantim Cimentos’s Global Compliance Manager from 2014 to 2015. She graduated in law from the Pontifical Catholic University of São Paulo and has executive education in corporate governance and compliance from Insper.
Ultrapar’s Legal Officer. Our Legal Officer joined Ultrapar in 2023. She has served the legal department of BRMalls from 2011 to 2023, being its Legal Director from 2018 to 2023 and its Data Protection Officer from 2020 to 2023. She graduated in law from the Pontificial Catholic University of Rio de Janeiro, holds a master degree in corporate law and capital markets from Ibmec and has executive education on privacy and data protection from Insper.
Ultrapar’s Information Security Manager. Our Information Security Manager joined Ultrapar in 2009 as an IT analyst and has been the Information Security Manager since 2022, being responsible for the assessment, mitigation and correction of information security risks at the Company. He also has experience in IT Governance, Identity and Access Management (IAM), data protection management with respect to cybersecurity incidents, as well as extensive knowledge in network infrastructure, servers, user authentication, virtualization and storage. He graduated in information technology from the Paulista University and holds an MBA in cybersecurity forensics, ethical hacking and DevSecOps from the Paulista College of Informatics and Administration.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The Information Security Management Committee reports to the Information Security Steering Committee.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|
As of December 31, 2024, Ultrapar’s Information Security Steering Committee was composed of four members, whose relevant expertise for assessing and managing risks relating to cybersecurity are described below:
Ultrapar’s Management and Control Officer. Our Management and Control Officer joined Ultrapar in May 2024 as the Financial Planning and Investor Relations Director. He has served as the Chief Financial and Investor Relations Officer of Eurofarma from 2020 to 2024 and of Delta Energia from 2019 to 2020. He holds a bachelor’s degree in business administration and international trade from the University of Taubaté, and MBAs from the University of Laverne, Administration Institute Foundation and University of Taubaté, focusing on finance, business, innovation and project management.
Ultrapar’s Risks, Integrity and Audit Officer. Our Risks, Integrity and Audit Officer joined Ultrapar in 2017 as the Compliance Manager and has been the Director of Risks, Integrity and Audit since 2021. She has served as Vale’s Compliance, Forensic and Audit Manager from 2015 to 2017 and Votorantim Cimentos’s Global Compliance Manager from 2014 to 2015. She graduated in law from the Pontifical Catholic University of São Paulo and has executive education in corporate governance and compliance from Insper.
Ultrapar’s Legal Officer. Our Legal Officer joined Ultrapar in 2023. She has served the legal department of BRMalls from 2011 to 2023, being its Legal Director from 2018 to 2023 and its Data Protection Officer from 2020 to 2023. She graduated in law from the Pontificial Catholic University of Rio de Janeiro, holds a master degree in corporate law and capital markets from Ibmec and has executive education on privacy and data protection from Insper.
Ultrapar’s Information Security Manager. Our Information Security Manager joined Ultrapar in 2009 as an IT analyst and has been the Information Security Manager since 2022, being responsible for the assessment, mitigation and correction of information security risks at the Company. He also has experience in IT Governance, Identity and Access Management (IAM), data protection management with respect to cybersecurity incidents, as well as extensive knowledge in network infrastructure, servers, user authentication, virtualization and storage. He graduated in information technology from the Paulista University and holds an MBA in cybersecurity forensics, ethical hacking and DevSecOps from the Paulista College of Informatics and Administration.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Furthermore, with the assistance of third-party specialized companies, Ultrapar has developed and employs several tools to support management in the event of any cybersecurity incident. These tools assist the Company in identifying its critical processes, systems and resources, whose correction should be prioritized in case of unavailability or failure, and in devising a formalized and
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef