The management and all CSA S.c.a.r.l. personnel who create, manage and store digital archives for third parties are committed to protecting the confidentiality, integrity and availability of physical and electronic information assets, in order to safeguard competitive advantage, profitability, legal, regulatory and contractual compliance, and market image.
Data protection requirements are consistent with the Organization’s objectives, and the information security management system (ISMS) is the tool that enables information sharing, the correct performance of operations and the reduction of related risks to acceptable levels.
Through the adoption of rules, procedures and technologies, the storage system provides for the storage of computer documents and administrative computer documents, as well as computer folders, i.e. computer documents with their associated metadata (containing references identifying each document in the folder), from pick-up from the producer to any scrapping, so as to guarantee authenticity, integrity, reliability, legibility and availability.
The storage system guarantees access to stored objects for the period required by law, regardless of technological changes.
CSA’s strategic plans and its risk management framework constitute the context for identifying, analyzing, evaluating and monitoring all information security risks through the implementation and maintenance of an information security management system (ISMS) that also covers the updating of the storage system’s rules. The applicability declaration, the risk assessment document and the processing plan, which are the responsibility of the ISMS manager, define the means by which we monitor these risks.
Additional fundamental elements of this policy are the business continuity policy and emergency plans, data backup procedures, malware and intrusion protection, system access controls and reporting mechanisms for data security problems. Control indicators for each of these areas are described in the system documentation and backed by specific procedures.
Everyone involved at CSA and any stakeholders within the perimeter defined for system application are required to conduct themselves in accordance with the policy and the ISMS implementing it. Our people are provided with all necessary and appropriate training.
The ISMS undergoes continuous and regular reviews and improvements, and the Company constantly maintains its certification according to standard UNI CEI ISO/IEC 27001:2014.
This policy is reviewed on a regular basis in order to take into consideration any change to the risk assessment and, consequently, to the processing plan.
Rome, 20 February 2017
The Chairman of the Board of Directors
Gian Marco Di Domenico