6. CYBERSECURITY

Our Cybersecurity Strategy is based on international standards under the NIST Cybersecurity Framework and CIS 18 Security Controls. Additionally, we are 100% PCI DSS compliant.

Despegar launched an Information Security Awareness Program to educate employees and contractors about their responsibility to protect the confidentiality, availability and integrity of Company and customer information.

We also rely on an IT Risk Management Process to identify, assess, evaluate and monitor IT risks, which is periodically updated (for more detail please refer to our 2020 ESG Report), and we have a Patch Management process in place to detect common vulnerabilities and apply security patches in a timely manner.

In order to identify security weaknesses in our applications or infrastructure, we perform Applications and Infrastructure Penetration Testing exercises that simulate the actions of an actual external hacker.

Our InfraSec team periodically monitors Despegar’s Cloud Security Posture in order to identify and remediate risks to our infrastructure.

In case of an incident, Despegar relies on its Incident Response Team, which is capable of performing computer forensic analysis and investigation. We have not had any significant cyber incidents in the past 5 years.