INFORMATION SECURITY POLICY

COMPANY POLICY FOR THE SECURITY OF INFORMATION AND PERSONAL DATA


SYSDAT.IT, in providing its services to Clients, is committed to ensuring adequate protection of information not only for the Clients themselves, but also for all other stakeholders. The security measures adopted by the company ensure the protection of information in terms of CONFIDENTIALITY, INTEGRITY and AVAILABILITY.


More specifically, SYSDAT.IT pursues the following objectives:

  • compliance with all information security requirements requested by Clients;
  • compliance with applicable regulations on information security and personal data protection;
  • adoption of organizational policies and technical solutions aimed at increasing the security of information and personal data processed within business processes;
  • continuous improvement of the IT infrastructure and performance monitoring to ensure high performance and service continuity;
  • training and awareness of all personnel and any collaborators on security, cybersecurity, and general behavioral rules for information management;
  • development of collaborative relationships with suppliers to ensure maximum attention to information security requirements.


The Policy is implemented through an Information Security Management System (ISMS) compliant with ISO/IEC 27001 and with applicable cybersecurity and personal data protection regulations, with the following commitments:

  • promote a risk-based thinking approach, identifying and assessing risks in order to adopt appropriate mitigation actions;
  • manage information security through a process-based approach, respecting regulatory requirements and defined risk levels;
  • clearly define requirements and methods of collaboration with suppliers, partners, and collaborators who impact business processes;
  • detect, assess, and promptly manage any event, incident, or near‑miss related to information security;
  • establish measurable objectives and monitor their achievement through performance indicators;
  • pursue continuous improvement of processes and of the system’s effectiveness.


Management, based on context analysis, stakeholder needs, and the outcomes of risk/opportunity assessments, and in accordance with the principles of this Policy, annually defines an Improvement Plan with objectives, responsibilities, and implementation methods. Failure to apply this Policy may expose the company and its Clients to serious economic and reputational risks.


Management is committed to supporting the implementation and development of the ISMS, assigning roles and responsibilities, and providing adequate resources for its implementation, monitoring, review, and continuous improvement. This Policy is shared to employees, collaborators, and external stakeholders. Each year, as part of the System Review, its adequacy is verified and, if necessary, updated.