INFORMATION SECURITY POLICY
12/01/2026
For Zucchetti Axess Spa, the primary objective of Information Security is to protect personal data and information, as well as its technological, physical and logical infrastructure and organisational structure.
This means obtaining and maintaining an Information Security Management System in accordance with the UNI/EN/ISO 27001 standard, in the context of: “Design, production management, installation and maintenance of time and attendance terminals and software, access control and business security, and related support. Provision of cloud services in SaaS mode”.
The general objectives of the ISMS, pursued with the commitment of the appointed manager, are:
- to demonstrate to the market the ability to consistently provide secure products/services, while maximising business objectives;
- to minimise the risk of loss of confidentiality, unavailability and corruption of customers’ data by planning and managing activities that ensure service continuity and by introducing any action aimed at preventing the corruption or inappropriate disclosure of such data;
- to carry out an appropriate risk analysis accordingly, determining the value of the information assets involved, the mitigation actions and assessing the residual risk, through the examination of associated vulnerabilities and threats;
- to comply with applicable laws and regulations, contractual requirements, and company standards and procedures. In particular, the company, as an essential entity under the NIS2 Directive, acknowledges its responsibility to ensure a high level of cybersecurity and undertakes to achieve full compliance with the regulatory requirements set out by the Directive itself and by the national regulatory framework, including the provisions issued by the National Cybersecurity Agency (ACN). The organisation undertakes to strictly comply with the terms and obligations set out in the applicable legislation, immediately updating ISMS processes, controls and documentation in line with developments in the regulatory framework;
- to promote collaboration, understanding and awareness of the ISMS among strategic suppliers;
- to comply with the principles and controls set out in ISO/IEC 27001, or other standards/regulations governing the business activities in which the company operates;
- to pursue continuous improvement.
Senior management undertakes to pursue the objectives of this policy with appropriate means and assets.
All personnel, within the scope of their respective responsibilities, are involved in reporting any incidents encountered and any weaknesses identified in the ISMS.
The entire organisation is committed to supporting the implementation, operation and periodic review of the ISMS.
This policy is subject to periodic review and, in any case, whenever significant changes occur that affect the ISMS.
Lodi, 12th January 2026
General Management