e-matica is committed to a constant pursuit of excellence and competitiveness with the aim of retaining its customers for whom it aspires to be a solid, competent and reliable partner.
The organization aims to give effective and measurable results to the partners to whom it offers its services, thus contributing to the success of customers, their growth or the solution of particular problems in the management of active processes.
From its foundation to today, it has adopted some important corporate values that allow it to operate in the market with professionalism, competence, compliance with regulatory and ethical rules and transparency.
- Confidentiality, integrity and availability of information
- Service level
- Legal requirements
- Business continuity
- Management of all security breaches
- Using best practices to protect the organization’s information assets from intentional or accidental internal or external information security threats
- Aligning information security management with the organization’s strategic risk management context
- Setting information security goals and establishing guidelines and principles for action
- Establishing criteria for risk assessment and risk acceptance
- Controlling access to information resources, including networks, based on business and security needs
- Protecting information associated with the interconnection of corporate information systems
- Applying guarantees for information sharing
- Ensuring the protection of customer information residing in the organization’s infrastructures
- Ensuring compliance with legal requirements and principles related to information security in contracts with third parties
- Encouraging awareness of information security issues to all staff throughout the duration of the employment relationship
- Observing the clean desk policy for documents and removable storage media
- Observing the Clean Screen Policy for Information Processing Services
- Implementing adequate security measures for mobile computing and communications
- Using, where necessary, adequate cryptographic controls for the protection of information
- Establishing rules for the development of systems and the application of these rules to developments within the organization
- Prohibiting the use of unauthorized software and complying with intellectual property rights laws
- Protecting organizational and privacy protection data
- By handling information security incidents in a timely manner
- Making backup copies of information, software, and system images and testing them regularly
- Preparing a continuity plan that allows you to effectively deal with an unforeseen event, guaranteeing the restoration of services according to the contractual agreements in place
- Applying disciplinary actions and discouraging the misuse of information and data services by staff
- Ensuring compliance with the provisions of the law, statutes, regulations or contractual obligations and any requirement relating to information security
Each of us must operate in accordance with the provisions of our management system, respecting roles, duties and responsibilities, contributing for their competence and professionalism to the effective effectiveness of the Information Security Management System and compliance with this policy.
The effectiveness of our management system is continuously monitored through periodic appointments by management and company managers, in which specific reference parameters are verified and periodic inspections exist at all levels, conducted by both internal staff and external auditors.
Our policy is also to disseminate these concepts and to entice and convince all those around us (suppliers, colleagues, consultants and collaborators) that this is the only way forward, to safeguard our work.
This is our Information Security Management System policy and to this end we have built and must periodically review and maintain effective, a management system that applies the provisions of the international standard UNI CEI EN ISO / IEC 27001: 2017 and meets it the applicable requirements.