|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Abstract]
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|We have security measures in place to mitigate the risk of cybersecurity threats affecting our technology environment and our business. Our cybersecurity policies and programs are based on Santander Spain’s frameworks and policies, which are aligned with the NIST CSF – Cybersecurity Framework, and we have also taken into consideration the practices set forth in the ISO-27002 to assist us in formulating such security measures. These measures include governance, anticipate, protect, detect and respond processes and controls including, but not limited to, a risk management program, a training and awareness program, access and privilege management, segregation of test and production environments, network security analysis, baseline configuration of hardware and software, activity log correlation, malware prevention and remediation, business continuity management, security analysis of third-party operations, and cyber incident management. Our cybersecurity team and committees employ a range of security processes and solutions, and work to disseminate these measures within our organization, including through regular compliance checks and continuous monitoring of network activity by the Santander Group’s Global Security Operations Center (“SOC”) and security tests performed by independent companies.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|Our cybersecurity team is composed of dedicated personnel who have experience in cybersecurity in a financial institution context. This team has overall oversight responsibility for our cybersecurity processes and cyber risk management and also relies on the internal controls team, audit team and our risk and compliance committee to ensure oversight and controls effectiveness.
|Cybersecurity Risk Role of Management [Text Block]
|Cybersecurity topics are deliberated in executive committees that have the role of informing and providing supporting materials to our executives and advisors to ensure the best decision-making for the business. Our CISO also regularly updates our audit committee and our risk and compliance committee on Santander Brasil cybersecurity programs, material cybersecurity risks and mitigation strategies, providing periodical reports (annually or ad hoc) that cover, among other topics, our risk exposure, third-party assessment results, maturity of our subsidiaries and incidents that may have happened during the period. Such executive committees support our board of directors.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Our board of directors has overall oversight responsibility for our risk management, and delegates cybersecurity risk management oversight to our risk and compliance committee and to our audit committee. Our audit committee is responsible for providing our board of directors and senior management with an independent assessment of the quality and effectiveness of internal control, cyber risk management and governance of cybersecurity controls. Additionally, our risk and compliance committee is responsible for advising our executive committee as an instrument for effective risk control, ensuring that they are managed according to the level of risk appetite approved by our board of directors.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The Santander Group, which includes Santander Brasil and its subsidiaries, has ISO 27001 certification for the key global cybersecurity processes that support our global services. This external recognition, verified through an onsite inspection, confirms our alignment with industry best practices in terms of information security for the following key processes: (i) security operations center, or SOC alert management, (ii) cyber incident management, (iii) malware protection for endpoint security and (iv) attack surface management. We also hold a Service Organization Controls – SOC 1 Type 2 Report (SSAE 18), which provides an independent external recognition for the design and operating effectiveness of global cybersecurity controls, and focus on global cyber products and controls.
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef