Integrated Management System Policy
(Quality, Workplace Health and Safety, Information Security Management)
ISO 45001 – ISO 9001 – ISO/IEC 27001

To all Business unit managers
cc: all staff

In accordance with the provisions of the Integrated Management System Manual for Quality, Workplace Health and Safety, and Information Security, this document outlines the Company Policy, which is based on the following principles:

    1. Customer satisfaction means meeting their needs and expectations.
    2. Ensure:
      • Excellence and professionalism in service delivery.
      • Commitment to customer needs and maximum flexibility in meeting their requirements.
      • Compliance with health and safety regulations, both within the company and at client locations.
      • Adherence to internal procedures for the secure management of company assets and data.
      • Continuous focus on protecting the health and safety of employees and those of partner companies operating on behalf of the organization.
      • Commitment to preventing injuries and health risks, as well as to the continuous improvement of health and safety management and performance in the workplace.
      • Strict compliance with applicable laws and regulatory requirements concerning:
        (i) the quality of services provided, (ii) the assurance of the highest safety standards, including during consultancy activities at client sites, and (iii) workplace health and safety hazards.
      • Proactive emergency prevention and prompt response, achieved through the implementation of controls to manage health and safety risks.
      • The three key objectives of information security:
        • Availability: Ensuring that authorized users have access to information and related assets whenever needed.
        • Confidentiality: Guaranteeing that information is accessible only to those authorized to access it.
        • Integrity: Protecting the accuracy, completeness, and proper processing of information.
    3. Identify security needs through risk analysis, enabling awareness of the organization’s exposure to threats within its information system, while also considering the risks associated with the use of cloud services. Particular attention is given to:
      • The actual likelihood of an event occurring.
      • The vulnerability of the analyzed asset in relation to potential threats.
      • The preventive effectiveness of the implemented countermeasures.
      • The potential impact of a security incident.
      • The mitigating effect of the implemented countermeasures in reducing potential damages.
    4. Ensure the implementation and compliance of security policies and measures across all organizational, procedural, and technological areas, including cloud services, in a consistent manner aligned with defined objectives.
    5. Promote prevention within the organization through internal communication and information sharing.
    6. Maintain ongoing consultation with employees to enhance the efficiency of the workplace safety management system.
    7. Training and consultation serve as key tools to foster engagement and contribute to service improvement.
    8. Quality means getting things right the first time. While this requires greater initial effort, it reduces the need for corrections and minimizes inefficiencies.
    9. The Executive Management annually defines objectives and resources for Quality, Workplace Health, and Safety, based on customer needs and market demands.
    10. Suppliers, customers, and all stakeholders are essential to our company and must be actively involved in our continuous improvement program.
    11. The success of our organization relies on the professional and cultural development of individuals at all levels. Therefore, a structured and consistent Training Plan must be established to ensure meaningful growth.

Rev. 10 – Issue 07.02.2025
Chief Executive Officer: Giampiero Lampasona