Information Security Policy

According to the UNI CEI EN ISO/IEC 27001:2017 standard

Infordata Sistemi S.r.l. (hereinafter referred to as “Infordata” or “the Company”) is a company that markets electronic equipment for access control and PVC badge printing. It also develops software for the identification and traceability of people and things, providing services in SaaS mode.

Given the nature of its activities, the Company considers information security an essential factor for the protection of its information assets and a strategically valuable factor that can be easily transformed into a competitive advantage.

Infordata pays particular attention to issues related to security during the design and development lifecycle of its products, which are considered a primary asset of the company.

The ISMS (Information Security Management System) applies to all activities related to the analysis, design, development, and maintenance of products and services, as well as the data associated with them.

Aware that its services for external parties may involve the handling of sensitive data and information, the company is committed to operating in accordance with internationally recognized security regulations. For this reason, both technical and organizational measures will be adopted to best ensure the integrity, confidentiality, and availability of both internal information and information entrusted by customers.

Based on these principles, Infordata has decided to implement an Information Security Management System (ISMS) defined according to rules and criteria specified by international reference standards, in accordance with the UNI CEI EN ISO/IEC 27001:2017 international standard.

This document is based on the following standards:

  • Regulation (EU) 2016/679 (GDPR)
  • Legislative Decree 30 June 2003, No. 196 – Code regarding the protection of personal data (previous privacy legislation)
  • Legislative Decree 101/2018 – Adaptation of Italian legislation to the GDPR (EU Regulation 2016/679)
  • AgID Circular No. 3 of April 9, 2018 – Criteria for the qualification of SaaS services for the PA Cloud
  • ISO/IEC 27001 – Information Security Management System
  • ISO/IEC 27017:2015 and ISO/IEC 27018:2019 guidelines, whose controls are applied where applicable

This Information Security Policy applies to the operational and managerial activities of Infordata Sistemi S.r.l. within the scope of:

  • Marketing electronic equipment and PVC badge printing.
  • Development of software for the identification and traceability of people and things, providing services in SaaS mode, applying additional controls as provided by ISO/IEC 27017:2015 and ISO/IEC 27018:2019.

Declaration of Applicability Rev. 1 dated 15.09.2021

The Company is committed to ensuring the security of information and personal data processed within the scope of the services provided in accordance with applicable regulations, particularly according to the requirements dictated by the UNI CEI EN ISO/IEC 27001:2017 standard, chosen as the reference standard for the correct characterization and reputation of the organization towards stakeholders.

To achieve this strategic objective in information security, Infordata aims to:

  • Ensure adequate protection of information and personal data in terms of integrity, availability, and confidentiality by implementing a structured information protection model, oriented towards effective risk analysis and management.
  • Involve the entire organizational structure and personnel engaged in processes, providing adequate resources to pursue the security program.
  • Assign well-defined roles and responsibilities internally.
  • Provide adequate training to ensure a high level of competence and awareness of responsibilities among the resources involved, at various levels, in processes and information processing.
  • Conduct effective and constant monitoring of the processes entrusted to strategic partners and suppliers and used in the services provided by Infordata, which deeply affect the chain that preserves security and operational continuity.
  • Ensure compliance with applicable laws and regulations regarding the processing of personal data and information security.
  • Respond effectively to growing threats to information systems in cyberspace.
  • Preferentially use modern Cloud delivery technologies, adopting high-level infrastructures that can guarantee high levels of service, scalability, and information security.

The Security Policy is disseminated to all staff, collaborators, customers, and suppliers through the institutional website, where the most updated version is available.

The Security Manager, through appropriate information and training sessions, raises internal users' awareness of the correct application of information security procedures, encouraging them to collaborate actively toward an increasingly coordinated and thorough management of this issue.

As stipulated by ISO 27001, Infordata will periodically verify the effectiveness and efficiency of the Information Security Management System and provide adequate support for adopting the necessary improvements, so that a continuous process monitors changes in conditions or business objectives and keeps the system correctly adapted.
