Information Security Policy
PURPOSE
On this page, Pluribus One S.r.l. defines and illustrates its information security policy in relation to the Information Security Management System (ISMS) in compliance with the ISO/IEC 27001 standard.
Pluribus One operates in the cybersecurity market, where security is a key factor in the production of the solutions it distributes. The policy is based on the principles of effectiveness and efficiency and guarantees the transparency of operational processes and the security of information for clients, suppliers, and partners.
Pluribus One has adopted its ISMS to:
- adequately protect its own information, as well as that of its clients and all other stakeholders whose information is managed, from potential threats;
- protect this information through the adoption of appropriate control plans and a continuous risk assessment process.
Pluribus One ensures:
- the protection of information resources based on the sensitivity of the information, their availability when needed, and safeguarding them from unauthorized access or modification;
- that all its resources, including personnel, information, systems, and infrastructures, guarantee the confidentiality, integrity, and availability of information in the execution of its services, through specific controls that also meet regulatory and mandatory requirements related to information security, with particular reference to applicable standards and the protection of personal data.
The ISMS defines the objectives pursued by Pluribus One in terms of information security. The company's management ensures its commitment to the continuous improvement of information security management.
TARGET AUDIENCE
This content is communicated and made available to all members, employees, collaborators, suppliers, contractors, partners, and any party that manages information for or on behalf of Pluribus One.
OBJECTIVES
Through the adoption of its ISMS, Pluribus One aims to:
- protect the business information (and that of its clients) acquired, processed, or generated in the provision of services, safeguarding their confidentiality, integrity, and availability;
- ensure proper access to information and prevent unauthorized access by all users connected in any capacity to its information systems;
- identify and implement within the ISMS perimeter the security measures to protect information from harmful events (breaches, misuse, fraud, etc.);
- define internal and external roles and responsibilities for information security;
- support staff and collaborators with adequate education and training to raise cybersecurity awareness and minimize the related risks;
- ensure the continuity of information security management even in the event of critical or adverse scenarios or the materialization of threats;
- ensure compliance with the principles expressed in the ISO/IEC 27001 standard;
- maintain control over the regulatory and technical context related to information security and protection, managing the related impacts on contractual documentation and, in general, the entire system.
THE INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS)
The ISMS is an organized structure that coordinates and documents all the policies, procedures, and actions implemented to achieve information security objectives and align the organization with the ISO 27001 standard. The scope of the ISMS includes all activities and processes related to operational, administrative, and support activities.
The management of Pluribus One:
- is directly responsible for implementing the policy and ensuring compliance by all interested parties;
- shares the principles and objectives of the ISMS and fully supports its realization and maintenance by providing the necessary resources;
- issues, approves, and updates this document, which serves as a reference for all other related or pertinent information security documentation;
- communicates the policy and makes it available to interested parties upon justified request.
Pluribus One:
- has defined, approved, published, and communicated to employees and interested parties a set of information security policies always available upon request;
- periodically documents the state of the ISMS in relation to:
  - performance evaluation and compliance level with standards,
  - regulatory, contractual, and operational context.
REVIEW AND UPDATE
This page is periodically subject to revisions and updates to make corrections and additions or to ensure its adequacy and efficiency in the event of significant changes concerning information security.