SUMMARY

  1. Introduction
  2. Principles
  3. Objectives
  4. References to Regulatory Aspects
  5. Dissemination of Culture and Security Policies
  6. Leadership Commitment
  7. Methodology for Risk Analysis and Management

1. Introduction

REMIRA Italia S.r.l. Socio Unico is a software company capable of addressing the numerous demands of the fashion and luxury industry through extensive expertise developed over the years, particularly in supply chain management and the development of complex software projects on cutting-edge technological platforms. To achieve this, REMIRA Italia S.r.l. Socio Unico offers a modular suite that covers all functionalities of the passive (procure-to-pay) cycle, allowing complete integration, as each developed product is based on a common kernel.

With the ever-increasing use of new technologies, it is necessary to provide assurances not only on the quality of services provided but also on the handling of information related to service delivery, internal staff, agents, partners, customers, and suppliers. Information is indeed a company asset that, much like other assets, holds value for the organization and therefore must be adequately protected. Information security is tasked with safeguarding information from a wide range of threats to ensure the continuity of business operations, minimize damage, and maximize return on investments and business opportunities.

Preserving the trust that customers have in REMIRA Italia S.r.l. Socio Unico requires that everyone contributes to the respect, protection, and security of all confidential data and information.

2. Principles

According to the definition of the ISO 27001 standard, information security is characterized by the safeguarding of the confidentiality, integrity, and availability of managed information.

Protecting the security of a system entails:

  • Reducing the probability of cybersecurity parameters being violated to an acceptable level.
  • Promptly identifying when and where such violations occur within the system.
  • Limiting damage and restoring violated requirements as quickly as possible.

Supported by leadership directives, REMIRA Italia S.r.l. Socio Unico’s security program includes dedicated teams responsible for implementing security controls in all areas of the business that encompass a secure development lifecycle, from product design to continuous operational support. The security program is applied, monitored, maintained, improved, and documented in alignment with business objectives, referencing the international standard ISO/IEC 27001:2017. Implementing the security program requires the deployment, in compliance with business requirements, of security measures that reduce risk levels, as well as the application of policies, processes, procedures, controls, etc. that ensure compliance with expected requirements for confidentiality, integrity, and availability of information, in addition to compliance with current information security regulations such as backup, access control, and log monitoring.

3. Objectives

In order to effectively and efficiently meet the demands and needs of customers while ensuring the quality and security of services provided, REMIRA Italia S.r.l. Socio Unico has adopted industry best practices and implemented an Information Security Management System (ISMS) in accordance with the ISO 27001 standard.

The Information Security Management System (ISMS), designed by REMIRA Italia S.r.l. Socio Unico, is based on:

  • Risk management for information security in synergy with overall corporate risk management and responsible use of corporate resources, achieved through the application of shared, repeatable, and enduring models that adhere to recognized international standards.
  • Identification of organizational roles and responsibilities specifically involved in information security management.
  • Employee awareness of information security, enhancement, and training of skills most relevant to information security.
  • Continuous monitoring of the effectiveness and efficiency of the ISMS through the establishment of a set of indicators and their periodic measurement.
  • The commitment of the management to provide the necessary resources for the implementation of corporate security policies, the pursuit of security objectives, and the continuous improvement and maintenance of the ISMS.

Moreover, given the fundamental importance of developing and managing a secure network, REMIRA Italia S.r.l. Socio Unico has selected equipment with security in mind and subjects it to regular maintenance. The product development lifecycle includes product assessments (both internal and third-party tests) and security project reviews as a standard practice within the development process. To ensure information confidentiality, REMIRA Italia S.r.l. Socio Unico protects both internal and external communications with encryption algorithms and appropriate certificates. Up-to-date IT and OT security tools and methods are applied throughout the product lifecycle to mitigate risks and address vulnerabilities in accordance with current regulations. Accordingly, REMIRA Italia S.r.l. Socio Unico has developed a corporate security system aligned with best practices and international standards, with a specific focus on adopting the ISO-27001 standard, which involves implementing and applying stringent access control measures based on the “need-to-know” principle in relation to business operations, as well as regular monitoring and testing of the ISMS.

4. References to Regulatory Aspects

All relevant mandatory and contractual requirements are identified by the organization.

The Regulatory Updates Procedure outlines the activities to ensure that:

  • Regulatory updates related to privacy (GDPR – European Regulation 2016/679) are made available and communicated to the various business departments and functions concerned.
  • Necessary updates to operational procedures and company information systems are carried out to comply with current regulations (Compliance).

The ISMS Coordinator ensures the monitoring and approval of the implementation of regulatory updates within the company.

5. Dissemination of Culture and Security Policies

Security is a process that involves everyone: individual awareness combined with responsible use of resources plays a fundamental role in achieving security objectives. REMIRA Italia S.r.l. Socio Unico’s commitment to security begins and ends with its employees and stakeholders, and therefore personnel are educated about its importance. The company is dedicated to instilling a culture of information security throughout the organization, deemed essential for the services provided by the company and the data it handles. This effort starts at the top, with the definition of roles and responsibilities, and it keeps awareness, culture, and corporate security alive throughout the workforce by regularly communicating comprehensive and easily understandable data security policies through internal communication channels.

Information security management concerns the entire company and is a significantly complex activity. There are dedicated teams involved in IT and product security. They ensure overall coordination of the entire management process and collaborate to promote best data security practices. It is crucial that all employees and third parties involved in business processes collaborate within their areas of expertise, adhering to the rules and operational procedures outlined in the Information Security Management System documentation (available on the corporate intranet) and implementing best practices and behaviors. For this reason, the communication of corporate security policies is extended to partners, suppliers, and customers during contract initiation or periodic renewals.

6. Leadership Commitment

The management fosters the development of a corporate culture that adheres to the rules and requirements of information security (for the benefit of the company, customers, and third parties) and promotes awareness and engagement of all corporate functions in contributing to security objectives. The management commits to providing the necessary resources for the implementation of corporate security policies, the pursuit of security objectives, and the continuous improvement and maintenance of the Information Security Management System. This commitment includes reviewing security policies at least once a year or in the event of significant changes to the business or infrastructure.

The management is dedicated to spreading and maintaining awareness, culture, and corporate security policies among all internal and external personnel through various internal communication channels (newsletters, training sessions, distribution of the IT Regulations that outline the rules and behaviors to be followed at REMIRA Italia S.r.l. Socio Unico, dissemination of policies to comply with laws and regulations, etc.).

7. Methodology for Risk Analysis and Management

Security must be continuously monitored, and for this reason REMIRA Italia S.r.l. Socio Unico has adopted a methodology for the analysis and management of information security risks, applied both periodically and whenever a new application is introduced, with the goal of maintaining risks at an acceptable level through their assessment and treatment. To achieve this, criteria for risk assessment and acceptance have been defined, and potential threats and vulnerabilities that may arise from the design, implementation, or management of systems have been objectively and transparently identified. These threats and vulnerabilities could be exploited to compromise information security, resulting in both direct and indirect damages. The existing protective measures have also been identified in order to highlight areas of greater criticality and to plan the implementation of appropriate countermeasures.