Information Security Policy
The Management of Marcopolo International S.r.l., by making human, instrumental and economic resources available, operates in the transport sector with great commitment to ensure the highest level of security of the information managed.
The Management of Marcopolo International S.r.l. is aware that the continuous improvement of its performance in terms of Information Security entails a significant benefit for all interested parties, satisfying the expectations for improvement relating to the context in which the company operates.
The Management of Marcopolo International S.r.l., taking into account the purposes and the context in which it operates, therefore undertakes to pursue a policy of continuous improvement of its performance in terms of Information Security, favoring prevention and minimizing, where technically possible and economically sustainable, the risks associated with the information itself.
Marcopolo International S.r.l. makes this document known, disseminates it to interested parties and undertakes to ensure that:
- an effective Information Security Management System is put in place and kept active according to the requirements of the UNI CEI EN ISO/IEC 27001:2017 standard;
- there is a continuous pursuit of improving the performance of the Information Security Management System;
- its business is carried out in compliance with the current legal provisions and with any signed codes of practice;
- adequate training is guaranteed for its workers to increase their skills and keep the focus on Information Security high;
- every effort is made in organizational, operational and technological terms and there is maximum involvement of the interested parties;
- regular maintenance/updating of hardware and software infrastructures is ensured, in order to guarantee maximum reliability;
- Information Security objectives are disseminated within the company to encourage the involvement of staff and the reporting of potential dangers.
The company looks ahead and sets new and ambitious goals.
The Information Security Policy focuses, in particular, on the following areas:
- staff training, conducted in a systematic, extensive and detailed manner with reference to the specific tasks of each;
- the monitoring of non-conformities, the results of which are reported at the relevant levels of the company and are accompanied by the review of the event, which allows the definition of corrective actions to be then disseminated to all staff;
- activating programs to spread awareness and culture on information security;
- the qualification of suppliers, where possible, carried out on the basis of considerations and assessments on aspects related to information security;
- making important information available to employees for the management of business continuity;
- the presence of other management systems (UNI EN ISO 9001);
- management of the aspects of attention relating to the reduction of risks for information, giving specific evidence at the level of company policy, roles, functions and responsibilities;
- defining the objectives and performance factors of the system, and the methods to monitor them;
- monitoring exposure to information security threats;
- enhancing reporting and anomaly monitoring procedures;
- enhancing the awareness, information and involvement aspects of employees on issues related to information risks.
- Confidentiality - information accessible only to duly authorized subjects and/or processes;
- Integrity - safeguarding the consistency of information from unauthorized changes;
- Availability - ease of access to necessary information;
- Control - assurance that data management processes and tools are safe and tested;
- Authenticity - reliable source of information;
- Privacy - guarantee of protection and control of personal data.