Quality and Information Security Policy
The provision of quality services and the security and protection of information assets are essential conditions for the achievement of Siamatica Srl’s business objectives. The requirements for information security are consistent with the objectives of the Organization, and the Quality and Information Security Management System (QIMS) is the tool that allows the identification of best practices and/or best-in-class approaches for the constant improvement of company quality, the sharing of information, the performance of correct operations and the reduction of information-related risks to acceptable levels. In consideration of this, company activities must always be carried out ensuring adequate levels of availability, integrity and confidentiality of information through the adoption of a formal “Quality and Information Security Management System” (QIMS) in line with the requirements expected by Siamatica Srl’s stakeholders.
In particular, the Quality and Information Security Management System is applied to:
“Consulting activities aimed at the optimisation of business processes, Project Management and Strategy Consulting activities”
The general objectives of the QIMS, pursued with the commitment of the management, are:
- demonstrate to its stakeholders that it provides quality services that follow defined processes aimed at continuous improvement;
- demonstrate to customers its ability to consistently deliver secure services, maximizing business objectives;
- minimise the risk of loss and/or unavailability of customer data, planning and managing activities to ensure continuity of service;
- carry out a continuous and adequate risk analysis that constantly examines the vulnerabilities and threats associated with the activities to which the system applies;
- comply with applicable laws and regulations, contractual requirements, company rules and procedures;
- promote collaboration, understanding and awareness of the QIMS by strategic suppliers;
- comply with the principles and controls established by ISO 9001 and ISO 27001 or other rules/regulations governing the business activities in which the company operates, including, in particular, regulations relating to Privacy and the security of personal data (GDPR). In this sense, the company acts mainly as a “Data Processor” pursuant to Article 28 of the GDPR, declaring this status and the obligations deriving from it in contracts with customers.
The entire company and its partners are involved in reporting any non-conformities with respect to the expected results on the quality of services, any information security incidents found, and any weaknesses identified in the QIMS, and are committed to supporting the implementation, periodic review and continuous improvement of the QIMS.
The company’s top management undertakes to pursue, with the appropriate means and resources, the objectives of this policy, with the ultimate aim of continuous improvement of the quality of its work and information security in the provision of its services.
Version 1.0 of 16/05/2023