|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk Management and Strategy
Cybersecurity risk management is an integral part of our overall enterprise risk management program. As a leading education company in the Latin American market, we face a series of challenges and are charged with various responsibilities regarding the security of the information we process, including sensitive data of our students, employees, and other stakeholders. Our cybersecurity risk management program is designed to align with industry best-practices and provide a framework for dealing with cybersecurity threats and incidents, including those associated with the use of relevant applications developed or services provided by our third-party providers. In addition to incident containment, our cybersecurity team conducts penetration testing to assess vulnerabilities in our internally-developed systems.
through our information security department. This department reports to the Vice-Presidency of Technology for Cogna, our parent company, which directly oversees strategies and initiatives related to information security across the Cogna group. Cogna’s information security department is composed of certified and accredited cybersecurity professionals, divided into necessary competencies for day-to-day operations, such as identity and access management, cybersecurity and awareness and training, among others. The department is divided into 3 subdivisions that deal with identity and access management, cybersecurity incident management, and information security governance and risks. Based on the recognized standards of the National Institute of Standards and Technology, or “NIST”, and other market-standard cybersecurity risk frameworks, we endeavor to address key components of cybersecurity risk management, including incident response, access controls, risk management, security architecture, awareness campaigns and training.
The cybersecurity management process facilitates coordination among different departments of our company and includes steps to assess the severity of a cybersecurity threat, identify its source, includingIn addition, we maintain a Third-Party Risk Management policy that sets forth processes to analyze the acquisition and renewal flow of third-party contracts, conducted by a dedicated team working in conjunction with the Supply, Privacy, and IT Architecture departments of Cogna.
in connection with our risk management processes. In addition, our information security department oversees and identifies such risks from cybersecurity threats associated with our third-party service providers.
However, despite our efforts, we cannot eliminate all cybersecurity threat risks, nor can we guarantee that we have not experienced undetected cybersecurity incidents.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|through our information security department.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|However, despite our efforts, we cannot eliminate all cybersecurity threat risks, nor can we guarantee that we have not experienced undetected cybersecurity incidents.
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our board of directors is responsible for overseeing our general risk management environment and initiatives, including those relating to cybersecurity. Our board delegates cybersecurity risk management functions to the audit committee, which in turn establishes the processes through which the information security department identifies, assesses and implements programs to manage and mitigate cybersecurity risks. The audit committee reports our general enterprise risks and cybersecurity-specific risks to the board of directors on a quarterly basis.
In addition, we rely on the information security policies of Cogna, our parent company, which establishes guidelines and rules defining standards the appropriate handling of information by employees of all companies within the Cogna group. The information security policies are intended to promote confidentiality, integrity and availability of information, in accordance with market best-practices and legal and regulatory requirements in order to manage and mitigate business risks.
If a potential cybersecurity risk within our business is identified, the information security departments of both Cogna and Vasta convene to carry out the processes for detecting, mitigating and remediating cybersecurity incidents.
Our security area undergoes recurrent internal and external audits and uses market-standard cybersecurity frameworks to assess the effectiveness of our cybersecurity processes and related internal controls. Annually, the information security process is evaluated by external consulting to review and address market needs. All improvement opportunities identified in an assessment analysis are included in a correction roadmap, as in a Plan-Do-Check-Act cycle. Additionally, the Cogna information security department has a Security Culture Plan that comprises awareness campaigns and training for all Cogna Group employees, including corporate training, phishing tests, workshops, awareness campaigns, and sending regular updates.
For more information about these risks, please see “Item 3. Key Information—D. Risk Factors—Certain Factors Relating to Our Business and Industry—We depend significantly on IT systems and are subject to risks related to technological change. Any failure to maintain and support customer facing services, systems, and platforms, including addressing quality issues and executing timely release of new products and enhancements, could negatively impact our revenue and reputation.” and “Item 3. Key Information—D. Risk Factors—Certain Factors Relating to Our Business and Industry—Failure to prevent or detect a malicious cyber-attack on our systems and databases could result in a misappropriation of confidential information or access to highly sensitive information” in this annual report.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our board of directors is responsible for overseeing our general risk management environment and initiatives, including those relating to cybersecurity. Our board delegates cybersecurity risk management functions to the audit committee, which in turn establishes the processes through which the information security department identifies, assesses and implements programs to manage and mitigate cybersecurity risks. The audit committee reports our general enterprise risks and cybersecurity-specific risks to the board of directors on a quarterly basis.
|Cybersecurity Risk Role of Management [Text Block]
|
In addition, we rely on the information security policies of Cogna, our parent company, which establishes guidelines and rules defining standards the appropriate handling of information by employees of all companies within the Cogna group. The information security policies are intended to promote confidentiality, integrity and availability of information, in accordance with market best-practices and legal and regulatory requirements in order to manage and mitigate business risks.
If a potential cybersecurity risk within our business is identified, the information security departments of both Cogna and Vasta convene to carry out the processes for detecting, mitigating and remediating cybersecurity incidents.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|If a potential cybersecurity risk within our business is identified, the information security departments of both Cogna and Vasta convene to carry out the processes for detecting, mitigating and remediating cybersecurity incidents.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The cybersecurity management process facilitates coordination among different departments of our company and includes steps to assess the severity of a cybersecurity threat, identify its source, including
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef