|
Cybersecurity
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Cybersecurity Risk Management and Strategy
We are committed to maintaining a robust cybersecurity infrastructure to safeguard the integrity, confidentiality and availability of our digital assets, including the data of our investors, employees, portfolio companies, and business partners against potential cyber threats, incidents and vulnerabilities. Our cybersecurity framework is an integral part of our risk management and encompasses a comprehensive suite of policies and procedures aimed at strengthening our systems and operations according to the industry’s best practices as discussed below. This framework is supported by a variety of security measures tailored to mitigate risk and enhance our defense mechanisms, including threats and incidents associated with the use of applications developed or services rendered by third-party service providers. These measures include, but are not limited to, the implementation of digital access controls, patch management protocols, identity verification processes, and the deployment of mobile device management solutions. Additionally, we employ security baselines and tools designed to detect and report anomalous activities, alongside continuous monitoring of data usage and the management of our hardware and software resources. With respect to third party service providers, our measures also include risk and compliance assessments and contractual obligations in vendor agreements.
To ensure the efficacy of our cybersecurity defenses, we conduct regular assessments through both automated and manual vulnerability scanning techniques. These assessments are critical in identifying and addressing potential security gaps. Our evaluation process also involves an annual review of our cybersecurity framework, benchmarking its performance against industry standards and recognized frameworks, such as those provided by the National Institute of Standards and Technology (NIST).
We also engage an independent third-party entity to conduct annual external penetration testing, as well as periodic evaluations of our cybersecurity measures. These assessments are instrumental in validating the effectiveness of our security strategies. Recognizing the importance of human factors in cybersecurity, we actively promote awareness and training among our employees on an ongoing basis. This is achieved through targeted internal communications, videos, and regular phishing awareness campaigns, which simulate real-world threats to enhance employee vigilance and response capabilities.
In addition, we have established a comprehensive Cybersecurity Incident Response (CIR) protocol to manage the escalation and resolution of suspected or confirmed cybersecurity events. The CIR protocol outlines the formation of a dedicated response team, comprising individuals from various technical and managerial departments, to investigate and remediate incidents. This team is also responsible for determining the need for external advisory support, including legal, forensic, and law enforcement assistance. Post-incident, the CIR protocol guides the ongoing monitoring and remediation efforts to prevent recurrence. The effectiveness and relevance of the CIR are reviewed on an annual basis.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
We are committed to maintaining a robust cybersecurity infrastructure to safeguard the integrity, confidentiality and availability of our digital assets, including the data of our investors, employees, portfolio companies, and business partners against potential cyber threats, incidents and vulnerabilities. Our cybersecurity framework is an integral part of our risk management and encompasses a comprehensive suite of policies and procedures aimed at strengthening our systems and operations according to the industry’s best practices as discussed below. This framework is supported by a variety of security measures tailored to mitigate risk and enhance our defense mechanisms, including threats and incidents associated with the use of applications developed or services rendered by third-party service providers. These measures include, but are not limited to, the implementation of digital access controls, patch management protocols, identity verification processes, and the deployment of mobile device management solutions. Additionally, we employ security baselines and tools designed to detect and report anomalous activities, alongside continuous monitoring of data usage and the management of our hardware and software resources. With respect to third party service providers, our measures also include risk and compliance assessments and contractual obligations in vendor agreements.
To ensure the efficacy of our cybersecurity defenses, we conduct regular assessments through both automated and manual vulnerability scanning techniques. These assessments are critical in identifying and addressing potential security gaps. Our evaluation process also involves an annual review of our cybersecurity framework, benchmarking its performance against industry standards and recognized frameworks, such as those provided by the National Institute of Standards and Technology (NIST).
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|true
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Cybersecurity Governance
Our cybersecurity team is led by our CISO, who works closely with our senior management. The CISO reports directly to our Chief Information Officer (“CIO”). The CISO is responsible for developing and advancing our cybersecurity strategy.
Our cybersecurity program is overseen by a dedicated Cybersecurity Committee that convenes quarterly to review and assess the program's progress. Key performance indicators (KPIs) are used to measure advancements, while potential risks are continuously evaluated to ensure proactive mitigation. This structured approach enhances our ability to adapt to evolving threats and strengthens our overall security posture.
Our Board of directors has overall oversight responsibility for our cybersecurity risk management program, but has also delegated certain matters regarding our cybersecurity risk management oversight to our audit committee. Our audit committee is responsible for ensuring that management, through our CISO, CTO and CIO, has processes in place designed to identify and evaluate cybersecurity risks to which we are exposed and implement processes and programs to manage cybersecurity risks and mitigate cybersecurity incidents.
Our CISO or CIO reports to our full board of directors and the audit committee at least annually on cybersecurity matters, including related risks. These reports also include, as applicable, an overview of cybersecurity incidents. The audit committee also reports material cybersecurity risks to our full board of directors, as applicable.
We believe our team has solid experience in cybersecurity and technology. Our CISO, Mr. Leonardo Martinez Larramendy, joined Patria in March 2024. He has a bachelor’s degree in systems analysis from ORT Uruguay University. He received the CISSP (Certified Information Systems Security Professional) certification in 2003 (which has been renewed annually) and holds a Master’s degree in Telecommunication and Networks from ORT Uruguay University. Before joining Patria, he led the cybersecurity area at Santander group, Uruguay, from 2011 to 2024.
Our CTO, Mr. Marco Gonçalves, is a Senior Vice President and responsible for all our infrastructure initiatives. Before joining Patria in 2003, Mr. Gonçalves worked for five years at JPMorgan Chase and three years at Banco Patrimônio. Mr. Gonçalves has a bachelor’s degree in data processing technology from FATEC‐SP (Faculdade de Tecnologia de São Paulo), a post graduate degree in process management and engineering for software development from FIAP and an MBA in strategic information technology management from Fundação Getulio Vargas –FGV.
Our CIO, Angelo Figaro Egido, is one of our officers and Head of IT, being responsible for all our technology. Before joining Patria in 2023, Mr. Figaro Egido was the CIO and VP of innovation and digital for Latin America for Renault-Nissan-Mitsubishi group regarding digital, security, infrastructure, systems, and digital products and was in charge of all information technology operations for Latin America.
Our CISO, CTO and CIO review the scope of our cybersecurity measures periodically, including in the event of a change in business practices that may implicate the security or integrity of our information and systems.
The CIO promotes the implementation of processes and programs to manage cybersecurity risks and remediate cybersecurity incidents. Management is responsible for identifying, considering, and assessing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risk exposures are monitored, putting in place appropriate mitigation measures and maintaining cybersecurity programs. Our cybersecurity programs are under the direction of our CIO who receives reports from our cybersecurity team and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents.
In 2024, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. However, despite our efforts, we cannot eliminate all risks from cybersecurity threats, or provide assurances that we have not experienced an undetected cybersecurity incident.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Our cybersecurity team is led by our CISO, who works closely with our senior management. The CISO reports directly to our Chief Information Officer (“CIO”). The CISO is responsible for developing and advancing our cybersecurity strategy.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Board of directors
|Cybersecurity Risk Role of Management [Text Block]
|Our Board of directors has overall oversight responsibility for our cybersecurity risk management program, but has also delegated certain matters regarding our cybersecurity risk management oversight to our audit committee. Our audit committee is responsible for ensuring that management, through our CISO, CTO and CIO, has processes in place designed to identify and evaluate cybersecurity risks to which we are exposed and implement processes and programs to manage cybersecurity risks and mitigate cybersecurity incidents.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|
We believe our team has solid experience in cybersecurity and technology. Our CISO, Mr. Leonardo Martinez Larramendy, joined Patria in March 2024. He has a bachelor’s degree in systems analysis from ORT Uruguay University. He received the CISSP (Certified Information Systems Security Professional) certification in 2003 (which has been renewed annually) and holds a Master’s degree in Telecommunication and Networks from ORT Uruguay University. Before joining Patria, he led the cybersecurity area at Santander group, Uruguay, from 2011 to 2024.
Our CTO, Mr. Marco Gonçalves, is a Senior Vice President and responsible for all our infrastructure initiatives. Before joining Patria in 2003, Mr. Gonçalves worked for five years at JPMorgan Chase and three years at Banco Patrimônio. Mr. Gonçalves has a bachelor’s degree in data processing technology from FATEC‐SP (Faculdade de Tecnologia de São Paulo), a post graduate degree in process management and engineering for software development from FIAP and an MBA in strategic information technology management from Fundação Getulio Vargas –FGV.Our CIO, Angelo Figaro Egido, is one of our officers and Head of IT, being responsible for all our technology. Before joining Patria in 2023, Mr. Figaro Egido was the CIO and VP of innovation and digital for Latin America for Renault-Nissan-Mitsubishi group regarding digital, security, infrastructure, systems, and digital products and was in charge of all information technology operations for Latin America.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
The CIO promotes the implementation of processes and programs to manage cybersecurity risks and remediate cybersecurity incidents. Management is responsible for identifying, considering, and assessing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risk exposures are monitored, putting in place appropriate mitigation measures and maintaining cybersecurity programs. Our cybersecurity programs are under the direction of our CIO who receives reports from our cybersecurity team and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents.
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef