This document contains the Solos policy on quality and information security – in line with UNI EN ISO 9001:2015 and ISO/IEC 27001:2013.
The management of Solos is fully committed to the company’s policy on quality and information security, therefore it strives to:
- continuously improve the Integrated Management System, which is appropriately chosen on the basis of the Customers’ business, with the aim to create a strategic tool to achieve the business objectives;
- adequately manage the risks and opportunities that may affect the conformity of the activities carried out, in order to satisfy the needs and expectations of all internal and external stakeholders and to maintain their full confidence in Solos as partner and solution provider.
All our efforts, activities and solutions are considered as an expression of quality that is contextually aimed to protect information assets.
The demands and expectations of the Customer must be satisfied by our activities and solutions – in accordance with what was previously agreed – while protecting all the information in our possession.
This commitment is manifested in two ways, by enhancing systems that are in line with the available resources and with the current technology – according to the needs established by the risk analysis – and by defining roles, responsibilities and procedures.
The Management of Solos is committed to ensuring the planning, implementation, monitoring and development of an adequate management information system, which will be in compliance with all legal and contractual obligations, as well as with corporate decisions relating to the ISMS certification and ISO/IEC 27001: 2013 international standard.
Therefore, the Solos key principles underpinning the management processes that deal with quality and security of information are:
PROFESSIONALISM, COMPETENCE AND RESPONSIBILITY
INNOVATION AND DIVERSIFICATION OF THE SERVICE
SECURITY OF MANAGED INFORMATION
CONTINUOUS IMPROVEMENT OF THE SERVICE
INVOLVEMENT OF ALL INTERESTED PARTIES
COMPLIANCE WITH BOTH MANDATORY REQUIREMENTS AND CUSTOMER REQUESTS
- To achieve a business organization that allows to meet the demands and expectations of the Customer.
- To handle with care the integrity, availability and confidentiality of the information received from Customers and suppliers.
- To set and implement an integrated system while complying with international standards, laws concerning security and compulsory regulations.
- To train and motivate all employees to continuously improve the quality of their work, with periodic reviews of the assigned objectives.
- To train staff on security in the workplace, especially on issues concerning the abuse of alcohol: making information available by posting documents and the like in staff areas.
- To constantly monitor air quality in order to verify the possible presence of asbestos.
- To regularly review this integrated policy – in accordance with the purposes of our organization and with subsequent communication to all interested parties – with the aim of verifying its validity at set intervals and whenever the management deems it necessary to ensure suitability over time.
- To make this integrated policy available through display in staff areas and on the company’s website (on the corporate website), thus allowing external stakeholders to consult it.
- To safeguard the interests of the Company, its employees and third parties operating at Solos, within the scope defined in the Solos Quality Manual of Integrated Management System for Quality and Information Security.
- To protect Solos intellectual property rights and guarantee regulatory and contractual compliance rights of the provided project and solutions.
- To perform an appropriate risk analysis of any project based on the technical feasibility, regulatory compliance and economic sustainability in order to prevent any events that could affect the confidentiality, integrity and security of information assets. Solos maintains continuous control of its projects and solutions throughout the design and execution process to ensure compliance with the confidentiality and information security requirements based on its own Integrated Management System for Quality and Information Security.
- To plan and quantify the objectives concerning the actions aimed at continuously improve the Integrated Management System (quality and information security) of Solos.
Given all the above, the management of Solos supports the development of the integrated management process, adopting the following as operational guidelines:
Design, implementation and management of information security systems (preventive and emergency) according to the policies and guidelines set by the company.
Planning and implementing continuous training, as well as keeping Solos employees informed about the requirements, processes and procedures of the Integrated Management System for Quality and Information Security, in order to guarantee regulatory compliance of its projects and solutions.
Optimization of security measures, in accordance with the company risk management documentation, both in terms of quality and information security.