QUALITY AND INFORMATION SECURITY POLICY CONFORMING TO UNI EN ISO 9001:2015 AND UNI CEI EN ISO/IEC 27001:2017
- Purpose
Hibo s.r.l. considers the pursuit of service quality and information security to be crucial factors in protecting Clients’ information assets. The Company is also particularly sensitive to themes such as security during the delivery of services, which is considered a primary resource. The Integrated System applies to all Company activities, from context analysis to workflow definition and delivery of services, all the way to customer service.
Considering that the delivery of services to external parties may involve the handover of sensitive data and information, Hibo s.r.l. adopts the necessary technical and organizational measures to guarantee the integrity, confidentiality, and availability of Clients’ information assets.
Hibo s.r.l. decided to develop and adopt an Integrated Management System for Quality and Information Security conforming to the UNI EN ISO 9001:2015 and UNI CEI EN ISO/IEC 27001:2017 standards.
The scope of the Integrated Management System is as follows:
Strategic planning, creative development, and implementation of marketing and communication programs across digital and territorial channels, including design, development, and maintenance of innovative digital platforms. Definition and implementation of social strategy projects.
- Objectives
- Maintain the Company’s image as a reliable and competent supplier.
- Protect Clients’ information assets.
- Adopt the necessary measures to guarantee personnel loyalty and employees’ career growth within the Company.
- Raise awareness and competence among employees about security and service quality.
- Confidentiality: The information is known only to those who hold the necessary privileges.
- Integrity: The information can be modified only by those who hold the necessary privileges.
- Availability: Upon request, the information can be accessed by processes and users who have the necessary privileges.
- Policy Contents
All information created and/or used by the Company must be protected according to its classification, from creation to deletion. The information must be managed in a secure, careful, and reliable way and must be readily accessible for its permitted uses.
The quality and information security policy adopted by Hibo s.r.l. must provide a methodical approach to the quality and information security requirements for all parts of the organization.
The fundamental principles upon which the Policy is based are described below.
- 3.1 Client Satisfaction
Management believes that Company strengthening and development can be achieved only by satisfying Clients’ needs, in accordance with the objectives of economy and efficiency. To achieve this goal, Management adopts the following policies:
- organize the Company based on a client-oriented approach to guarantee that Clients’ expectations are met and continue to be met, in accordance with the objectives of effectiveness and efficiency;
- follow the guiding principles of the Quality Management System in order to use it as a tool to measure the improvement of efficiency (financial result) and effectiveness (client satisfaction).
- 3.2 Continuous Improvement
The Company is committed to continuously improving the quality of the services it delivers. In order to achieve this objective, the Company does its best to:
- identify Clients’ needs;
- anticipate and be ready for changes within the market, approaching every project as a new opportunity to plan a new strategy, implement new forms of storytelling, and realize innovative technological systems to connect brands with their target audience;
- improve process performance through the application of the Plan-Do-Check-Act (PDCA) model. This model involves:
  - process planning and definition of process objectives;
  - application of the activities expected from each process;
  - the monitoring and measuring of process performance and objective achievement;
  - the application of necessary actions to improve processes.
- 3.3 Skill Research and Development
Management is aware of the need for continuous research into new solutions to improve the services offered to Clients. Employees’ skills will be trained and updated accordingly.
To reach this objective, Management follows a policy that involves:
- increasing the awareness among employees of specific skills applied to the services provided;
- involving personnel in training and update activities.
- 3.4 Company Involvement and Participation
The role of Management is to communicate and explain the following fundamental principles to the Company’s personnel:
- continuous dedication to satisfying Clients’ needs;
- every Company function is both supplier and client: everyone must make sure they deliver work of the highest quality;
- Quality can only be ensured through everyone’s participation. All employees must commit to doing their job at their best, striving for continuous professional improvement. Each employee must be aware of the relevance and importance of their activities and of how they contribute to the achievement of Quality objectives;
- Quality must be pursued in collaboration with suppliers, as supply Quality contributes to Company Quality.
The Integrated Management System for Quality and Information Security must be fully received, accepted, and understood by all personnel involved in the delivery of services. Within the scope of the organization, it is assumed that every employee will not only come into contact with some or all of the information kept and handled by the Company but will also see and know all Hibo s.r.l. security and protection mechanisms within the scope of the Service.
Hibo s.r.l. adopts the following guidelines:
- the activation of recurring training sessions for all involved personnel, with the sessions focused on the following themes:
  - information privacy and confidentiality
  - quality and information security policy
  - internal procedures
  - regulations in force
- the creation of an environment that is aware of the importance of security and the related risk, via the direct involvement of Company Management.
- 3.5 Personnel Loyalty
Management is responsible for encouraging and maintaining the awareness of belonging to a group of people that can face any operational obstacle. To achieve this objective, Management:
- periodically engages personnel in meetings dedicated to evaluating work difficulties and the processes to solve existing problems;
- involves personnel in the sharing of short- and mid-term Company objectives;
- promotes a relationship system based on skills and competence rather than on seniority.
- 3.6 Risk-Based Approach
Management and personnel must be committed to adopting a risk-based approach (Risk-Based Thinking) in order to make the Company proactive, avoiding undesirable effects and promoting continuous improvement.
- 3.7 Legislative Conformity
As mentioned above, the guidelines are as follows:
- guarantee compliance with civil and criminal laws and with statutory and regulated obligations;
- guarantee compliance with contract terms previously defined with Clients;
- guarantee compliance with specific regulations that Hibo has adopted, whether voluntarily or as a mandatory requirement.
Italian legislation is especially strict with regard to privacy, which at Hibo s.r.l. covers both the personal information of employees, clients, and suppliers and the information and data that Hibo s.r.l. manages on behalf of its Clients.