Information security policy
REV 0 DATED 24/01/2022
The management of BizAway Srl SB has defined this Policy for the protection of information and undertakes to:
- keep it active by periodically ensuring its revision and updating;
- ensure the necessary resources for the effective protection of information;
- define information security objectives;
- disseminate it to all levels of the organisation.
The application of the management system requires the full participation, commitment and interaction of all human and technological resources. All subjects who operate within the Company to achieve the Company’s objectives are required, without exception, to comply with this policy in the processing of data. The purpose is to:
- ensure the protection of information within the scope of its activities from all threats, internal or external, intentional or accidental, in accordance with what is indicated in the ISO/IEC 27001 standard and in the ISO/IEC 27002 guidelines;
- ensure the protection of data in accordance with the indications provided by the European Regulation on the protection of personal data (GDPR 679/16);
- ensure the activation of a continuous process, which allows control and adaptation to management, environmental, business and legal changes that the company may face.
It is therefore necessary to ensure:
- the confidentiality of the data, i.e. the data must be accessible only to those who are authorised to do so.
- The integrity of the data, i.e. ensuring the accuracy and completeness of the data and the methods for its processing.
- The availability of data, meaning that only authorised users can actually access the data when they request it.
- The communication and dissemination of data to the outside only for the proper performance of the Company’s activities, in compliance with the rules and regulations.
- Compliance with legal requirements and data security principles in contracts with third parties.
- Compliance with the provisions of the law, statutes, regulations and contractual obligations, as well as any requirement relating to data security.
- Safety aspects must be included in all phases of system design, development, operation, maintenance, servicing and decommissioning.
- Any access to the systems must be subject to an identification and authentication procedure; unauthorised access to the offices and individual Company premises where the data is managed must be prevented, and the safety of the equipment must be guaranteed.
- Data access permissions must be differentiated according to the role and duties held by individuals, so that each user can access only the data they need, and must be periodically reviewed.
- That any incident is handled in a timely manner, i.e. everyone must report any safety issues.
*this text is an excerpt from the corporate information security policy document of BizAway S.r.l. SB