System Innovation implements and maintains the Information Security Management System. Through the application of the requirements defined by the UNI CEI EN ISO/IEC 27001:2022 standard, System Innovation offers consultancy, solutions and professional services in the ICT field, preserving the confidentiality, integrity and availability of information.

Aware that the management of information security is a complex process that requires the involvement of all Human Resources present within the corporate organizational context, System Innovation is committed to informing and training staff on information security,

raising awareness of the responsibilities and obligations that follow. System Innovation also undertakes to pursue objectives that guarantee the security of information and the protection of personal data in compliance with applicable mandatory requirements.

Principles and Objectives for Information Security

The implementation of the Information Security Policy was identified in pursuit of the following objectives:

• recertify the Information Security Management System, verifying that it is always in line with the company context, in application of the UNI CEI EN ISO/IEC 27001:2022 standard;
• preserve the confidentiality, integrity and availability of the information, ensuring that it is not made available or disclosed to unauthorized third parties;
• guarantee the customer high professionalism and competence of the staff to offer an always efficient service;
• ensure that Staff and all Collaborators are aware of the risks associated with incorrect management of processes relating to information security;
• ensure that suppliers and external collaborators are aware of and respect the security policies adopted by System Innovation;
• guarantee the security of information not only within System Innovation, but also externally during all phases of provision of professional services in the ICT field.

In order to pursue these objectives, System Innovation implements:

• preliminary assessments relating to the risks and opportunities connected to company processes to ascertain their continued suitability and applicability;
• verification activities, both internal and external, to guarantee the protection of data and resources;
• Management review which represents a key phase of the continuous improvement cycle.

System Innovation, sharing the principles and objectives for information security, fully supports a management system maintenance program, in order to make it solid and constantly compliant with regulatory requirements and customer needs.

The company managements undertake to approve, formalize, disseminate and implement this Information Security Management System Policy.