The management of Intré S.r.l., by preparing this document, intends to define the Information Security Policy, specifying its objectives and the commitments arising from it.
The general objectives for the Information Security Management System are as follows:
- Create and implement an Information Security Management System in compliance with all applicable laws, regulations, and the maturity standards the company has decided to adhere to, or those required by Clients;
- Create a continuously improving market image and guarantee Clients “business continuity” without risks of interruption caused by potential information security incidents;
- Reduce damages caused by potential incidents.

These objectives are aligned with the company’s goals, strategy, and business plans.
The purpose is to improve the procedures to ensure that the organization can operate more efficiently, enhance control and security of activities, and achieve increasingly challenging goals.
Intré S.r.l. provides services based on resources, including information. The use of informational resources must comply with best practices and work procedures, as well as legal, regulatory, and contractual requirements, and must guarantee the confidentiality, integrity, and availability of all informational resources of Intré S.r.l. and its Clients.
Information is an extremely important asset for Intré S.r.l. and allows the company to fulfill its functions and commercial obligations towards counterparties.
The Information Security Management System of Intré S.r.l. ensures that it meets legal, regulatory, and contractual requirements regarding information security, including those established by personal data protection laws (EU Regulation 2016/679, Legislative Decree 101/18, and Legislative Decree 196/03) and the Privacy Guarantor.
In terms of Information Security, in detail:
- ISO 27001 – updated to the 2022 version;
- The procedures will establish risk assessment criteria aligned with the current corporate strategic risk management policies approved by Intré S.r.l.

It is the clear intention and task of management to strengthen internal awareness of the increasingly challenging objectives of information security and to enhance the company’s image and seriousness, especially through the pursuit of transparency with its Clients, the professionalism recognized by the company, and an increasingly personalized and exclusive style.
Therefore, Intré S.r.l. is firmly committed to implementing and following this Information Security Policy so that it permeates and is implemented at all levels of the company. The company commits to training its collaborators accordingly.
This Policy represents the commitment on which the Information Security System is based.
All business processes (primary and supporting) are involved in the guidelines and directions defined in this document.
All interested parties are required to adopt appropriate security measures in line with the principles of this policy.
Failure to comply with or violation of the principles of this policy may lead to disciplinary action for employees as provided by the National Collective Labor Agreement (CCNL), as well as the application of all civil and criminal actions permitted, and for external interested parties, a revision of the contractual relationship between the parties up to the termination of the contract.
In particular, management assigns the responsibility for the Information Security Management System (ISMS) to ensure the application of the measures provided and to keep management informed of the results from periodic audits.
Management will periodically review, during the Management Review phase, the company’s current practices, policies, and guidelines to recommend any changes or improvements to ensure the application of appropriate security measures.
This policy is a controlled document and is kept available to employees on a read-only server and to all interested parties who request it. The Information Security Management System (ISMS) Manager must ensure that all changes are communicated and that obsolete copies are removed and/or archived.
Along with this policy, Intré S.r.l. has prepared specific policies to regulate the following topics: incident management, business continuity management, password management, change management, regulations on the proper use of company tools, and backup and information recovery management.
Monza, September 21, 2022