In order to guarantee maximum satisfaction of its Customers and, more generally, of all interested parties, the Management of ABSTRACT S.R.L. (hereinafter Abstract), has defined this "Policy for Quality, the Environment and Information Security" framing it in a broader strategic vision
corporate.
Already certified quality for the UNI EN ISO 9001: 2015 standard in the context of "Provision of business support and consultancy services, product development, installation of proprietary and third-party packages, integration of solutions, assistance and maintenance services, in the Information Technology sector", has decided to adopt and maintain an active Integrated Quality, Environment and Data and Information Security Management system, in compliance with the UNI EN ISO 14064-1:2019 and UNI CEI ISO/IEC 27001:2014 standards. .
Abstract believes that the adoption of an Integrated Management System is a key element of its strategy and promotes commitment to it at all levels of the organization. Furthermore, Abstract, aware of its leadership role, spreads and supports the commitment to satisfying the requirements of the Integrated Management System and to continuously improving its effectiveness, sharing its importance with all collaborators through effective communication actions and constant controls estimates for the safe maintenance of all data and information both internally and as the object of the service to the Customer.
Abstract believes that the adoption of an Integrated Management System is a key element of its strategy and promotes commitment to it at all levels of the organization. Furthermore, Abstract, aware of its leadership role, spreads and supports the commitment to satisfying the requirements of the Integrated Management System and to continuously improving its effectiveness, sharing its importance with all collaborators through effective communication actions and constant controls estimates for the safe maintenance of all data and information both internally and as the object of the service to the Customer.
The strategic lines on which the Integrated Quality, Environment and Data and Information Security Management System is based are:
constant commitment to ensure that the actions and behaviors of everyone in Abstract are based on the objective of guaranteeing the security of data and information both internally and of customers and other stakeholders;
strong sensitivity towards the environment;
support the customer so that the product requirements, both specific and mandatory, are respected and allow full satisfaction of the end user to be achieved;
guarantee availability and timeliness in resolving potential incidents that may threaten the service both in terms of business continuity and information security;
guarantee absolute rigor in the search for potential risks connected to the service by carrying out continuous monitoring for the quality and security of information through Internal Audits and Management Review;
maintain systematic management of activities by continuously monitoring the work status;
maintain, following the review of information security risks, full compliance with company procedures, instructions, policies and directives, to ensure full compliance of the system, rules, laws, regulatory requirements and directives, as well as contractual obligations related to safety;
provide a high quality standard with added value.
Abstract's collaborators are required to respect, in the execution of their activities, the provisions of the Integrated Management System and the procedures referred to by it, achieving the assigned objectives. To this end, the Abstract Management, through the relevant functions, plans and implements
the continuous involvement, training and updating of staff at all levels, with particular attention to compliance with the established standards.
In carrying out its activities, Abstract undertakes to observe the "Quality Policy,
the Environment and Information Security" (Integrated Policy). The commitments of the Integrated Policy are translated into a plan of defined, measurable and appropriate objectives for the individual levels of the organization.
These objectives are based on the following principles:
Customer focus
Through a direct, frank and transparent relationship aimed at building a partnership relationship, rather than the mere provision of a service, we pay constant attention to the needs of our customers, also interpreting unexpressed needs. In short, «go beyond»;
Leadership
Our work is carried out in full awareness that people are our strength and the key to our success; everyone is a leader of themselves and/or of the team they possibly manage;
Active participation of people
Abstract's commitment is constantly oriented towards enhancing its collaborators who, with competence and professionalism, represent the main "critical success factor" for the Company. The individual growth of Abstract's collaborators represents the driving force for the growth of the Company as a whole;
Assessment of risks and opportunities
Abstract plans its processes with a "risk-based thinking" approach in order to implement the most suitable actions to: evaluate and treat risks associated with business processes, data and information security and the environment; exploit and strengthen identified opportunities; promote at all levels an adequate sense of proactivity in the management of one's risks and activities;
Process approach
Following a logical path that arises and evolves with our experience, we offer services and products that respond to customer needs and are "scalable and adaptable" as they change;
Improvement
By applying an essential mental approach, which starts from the awareness of what we do, how we do it and what we want to do; the constant improvement of each of us is the path that leads to improved service and customer satisfaction. Furthermore, Abstract has identified, in the setting up of the organization by processes and in the creation of an Integrated Management System, in compliance with the international standards ISO 9001, ISO 27001, ISO14064 one of the main approaches through which to pursue its values, its Integrated Policy and the objectives deriving from it;
Sustainable approach to the consumption of natural resources and attention to waste to protect the environment and to monitor, calculate, quantify GHG emissions within your organization and evaluate your Carbon Footprint in compliance with the UNI EN ISO 14064- standard 1:2019 obtaining certification.
To achieve the improvement objectives, Abstract has decided to implement actions aimed at reducing, as far as possible, GHG emissions, also through the adoption of a sustainable consumption model.
Furthermore, Abstract provides contributions for social and environmental activities, through the training and awareness of its staff and participation in specific initiatives. In terms of attention to the environment and environmental sustainability in general, Abstract's priority objective is to commit to ensuring that
its activities have an increasingly reduced environmental impact.
This process, included within our Integrated Policy, is focused on the following main commitments:
Select sources and GHG emissions
Defining the data and methodologies appropriate to the needs of interested parties; include all GHG emissions deemed relevant;
Allow a meaningful comparison of the related information; disclose sufficient and appropriate GHG-related information to enable interested parties to make decisions with reasonable confidence;
Improvements
Preparation of an awareness system for all staff and third parties in order to reduce uncertainties as much as possible, encouraging all Abstract members to adopt behavior that pays particular attention to the environment. Thus leading to the reduction of emissions;
Information Security Management is of fundamental importance; has as its primary objective the protection of data and information in order to protect the assets represented by company knowledge, that of its customers, stakeholders and to protect the natural persons whose personal data is processed. To this end, it undertakes to implement actions and behaviors aimed at preserving them.
Abstract's Integrated Policy regarding Information Security defines and organizes information confidentiality, IT integrity and manages all aspects related to it, from technical to management and business ones, including confidentiality and availability of data.
The entire internal and external organization of Abstract is required to respect and apply the Integrated Policy and consequently the Data and Information Security Management System within the scope of the activities carried out and the services provided.
With specific reference to data and information security, Abstract considers the following principles to be fundamental:
Integrity
In order to safeguard information and data from possible unauthorized modifications or deletions, following errors or voluntary actions or system malfunction;
Confidentiality and Privacy
To ensure that information and data are accessible only to authorized individuals and processes and that they are not made available to unauthorized persons or entities. Confidentiality and protection of intellectual property. Guarantee the protection and control of personal data;
Availability
Ensure that authorized parties have access to data, information and reference systems when they request them. Thus safeguarding all the assets of data and information, guaranteeing correct access, use and confidentiality and reducing the associated risks (tampering, data theft, etc.);
Check
To ensure that Data and Information management always occurs through secure processes and tools. Commitment to select reliable suppliers and partners from the point of view of secure management of information and protection of personal data;
Regulations
Compliance with current national and international laws and regulations;
The organization and third parties are adequately informed and trained, thus ensuring that they have full awareness of the issues relating to security, of the obligations and responsibilities of each in the management of information security and of the consequences in the event of events, whether malicious or negligent. , relating to the unauthorized modification or destruction of critical information;
Evidence-based decision making
Our agile and light corporate structure allows us to easily share information and make it evident;
The Management also undertakes to make adequate resources and means available to achieve the objectives and goals set, in terms of development of competence, equipment, information and economic resources, constantly monitoring their adequacy.
Audits of the Integrated Management System are carried out on a regular basis in order to verify its implementation and effectiveness in achieving the objectives and to plan any corrective and improvement actions. Abstract undertakes to review the adequacy of the Integrated Policy at least once a year and to provide indications on any corrections and/or improvements to be made to its structure.
Abstract is committed to ensuring that the Integrated Policy is communicated, respected and understood for its application by staff and relevant stakeholders. To this end, the Management has periodically decided to review and, when necessary, publish and make available company information through the company intranet, emails, weekly meetings, online through MS Teams and on the company website.
In order to promote the dissemination and understanding of the Integrated Policy, the Management constantly tries to involve the Function Managers in order to spread awareness of the role of the individual in the organization.
