XML 68 R38.htm IDEA: XBRL DOCUMENT v3.25.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
We maintain a comprehensive process to assess, identify, and manage risks arising from vulnerabilities, including risks related to disruptions to business operations or financial reporting systems, intellectual property theft, fraud, extortion, harm to employees or customers, privacy law violations, and other legal disputes and risks, as part of our overall risk management system and processes.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] We frequently conduct training and awareness campaigns on information security and cybersecurity so that everyone receives guidance and can identify and report information security events or incidents, both in the corporate and industrial environments. These actions are intended to promote familiarity with our Information Security Policy. We also leverage internal communications to raise awareness and conduct phishing simulation exercises.
We regularly review, test, and update our information security and cybersecurity processes by conducting penetration testing, vulnerability assessments, and attack simulations. Measures are implemented to deter, prevent, detect, and respond to unauthorized activities in our systems.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] There is monitoring and reporting to the company's Audit team and Corporate Risk team, where Cybersecurity is also overseen by the Board on their respective agendas.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
Cybersecurity is periodically on the agenda of our Board of Directors, in addition to specific Cyber Committees within the company alongside executives. There is monitoring and reporting to the company's Audit team and Corporate Risk team, where Cybersecurity is also overseen by the Board on their respective agendas.
Cybersecurity Risk Role of Management [Text Block]
We have an internally formalized process, based on the ISO 27005 framework, that defines the management of cybersecurity risks, aiming to identify, monitor, and communicate information security risks that may impact the business through a systematic approach and a continuous process, monitoring and, whenever possible, reducing the likelihood of causing any type of damage to our assets. Risks are periodically reported to management, as well as relevant information security incidents.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
At Suzano, she leads a robust Information Technology team, where one of the managements is responsible for Cybersecurity. In the position of Cybersecurity Manager, we have a leader with expertise in the subject and over 14 years of experience in Cybersecurity, having led the topic in various industries.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] we have a leader with expertise in the subject and over 14 years of experience in Cybersecurity, having led the topic in various industries.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
To fulfill this responsibility, it is equipped with information from established information security processes and controls, periodically reporting strategic indicators to the security committee, and to the audit and executive committees as requested.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true