INFORMATION SECURITY POLICY

Objectway Group information security policy supports the implementation of the mission, values, vision and strategy for all the Group, with the aim to satisfy customers’ requirements in the target market sector.

This policy has been established by Top management, communicated to all the organization and to some interested parties (where required), reviewed at least yearly and modified, when and if needed.

Objectway is committed to developing and implementing the Objectway Enterprise System, compliant to ISO/IEC 27001 and 9001 standards, through the establishment of integrated processes and functions in order to achieve Group information security objectives.

Objectway is committed to implementation, improvement and updating of the Objectway Enterprise System, with the aim to:

  • ensure the compliance of contractual requirements and applicable laws;
  • prevent information security incidents and legal issues;
  • be aligned to business risks and finance and brand sustainability;
  • be aligned with relevant risk assessment results;
  • propose to customers a value proposition with products, services, relationships and brand;
  • increase group incomings and productivity;
  • reduce costs and avoid waste;
  • ensure the continual improvement of company ISMS;
  • achive and maintain ISMS certification as an important result for the consolidation of the brand on the market.

Information security objectives are established by the top management and implemented, as applicable, by all areas.
Main objectives are:

  • Customer relationship: customer satisfaction, market share and customer portfolio improvement;
  • Production: control and improvement of the information security in order to improve the competitive posture and ensure profit; control and improvement of the quality and security of delivered products, provided services, technical activities; improvement of the trust of customer on delivery teams; control of events that can have impacts on business activities; control and improvement of availability of all systems, mainly the ones used for providing services to customers;
  • Human resources: control and improvement of employees trust, competence development, hiring of new people for sustain growth;
  • Purchasing: control and improvement of acquired products and services, technical performance and customer performance when linked to contractors;
  • Internal Systems: availability of internal and hosted systems, control of events that can have impacts on operations.

In order to verify the achievement of objectives and implementation of this information security policy, top management has established measurement and monitoring activities that can help the evaluation of advantages of the Objectway Enterprise System and improvement plans.