INFORMATION SECURITY POLICY

Information Security Policy of IHI Charging Systems International S.p.A.

The information security policy of IHI Charging Systems International S.p.A. S.p.A. (hereafter "ICSI S.p.A.") represents the commitment to ensure an effective and constantly improving Information Security Management System, and is inspired by the following general principles and objectives:

1. Ensure the protection of information, information systems, networks, and operations, proportionate to the risks to which ITY is exposed and their criticality;
2. Ensure compliance with current legislation applicable to the context in which ITY operates;
3. Define and communicate roles and responsibilities related to information security and cybersecurity, clarifying the responsibilities of all actors involved according to the need-to-know principle, including the roles responsible for managing compliance and communications with the competent authority.
4. Define processes and standards that ensure an adequate level of protection;
5. Ensure constant monitoring of security levels and define processes that allow for their improvement, as well as constant updating of new threats and risks;
6. Ensure that anomalies and incidents affecting the information system and corporate security levels (in terms of Confidentiality, Integrity, and Availability and service levels) are promptly recognized and correctly managed, including, where applicable, communications and notifications required by current legislation, through efficient prevention, communication, and response systems in order to minimize the impact on the business (Business continuity);
7. Ensure secure access to information, information services, and networks in order to prevent unauthorized processing without the necessary rights;
8. Ensure that the organization and third parties collaborate in the processing of information by adopting procedures aimed at complying with adequate security levels, operating with full awareness of security issues;
1. Ensure that access to critical company premises and individual rooms is restricted to authorized personnel only, in order to guarantee the security of the areas and assets present;
10. The processing of personal data held by ITY is carried out in compliance with the European General Data Protection Regulation GDPR 2016/679.
11. Ensure, where applicable, compliance with the cybersecurity obligations set out in Directive (EU) 2022/2555 (NIS2) and the national transposition legislation, with particular reference to the protection of relevant information and network systems supporting critical processes and services.

Our Information Security contacts

If you're our partner that collaborates with us, for all notifications or queries regarding your company or to inform us about potential incidents and/or data breaches please send us an email to:

ict-datasecurity@ihi-csi.it