ISO IEC 27001

The CEO of Enerbrain SRL has decided to develop and implement an Information Security Management System that complies with the requirements of the international standard ISO/IEC 27001, in order to better structure its processes, optimize its organization in order to make its Information Security objectives consistent with its strategic lines, which have become essential and decisive in the very particular and constantly evolving market in which the Group operates.

For Enerbrain SRL, information security has as its primary objective the protection of data and information, the technological, physical, logical and organizational structure responsible for their management. This means obtaining and maintaining a secure information management system, within the scope defined for the Information Security Management System, through compliance with the following properties:

1. Confidentiality: ensuring that information is accessible only to duly authorized individuals and/or processes;
2. Integrity: safeguarding the consistency of information from unauthorized modification;
3. Availability: ensuring that authorized users have access to the information and associated architectural elements when they request it.

As part of the management of the services offered Enerbrain SRL ensures:

• the continuous improvement of information security, real and perceived, of its products/services, through the technological improvement of the existing and with a working method predisposed to continuous research and innovation
• the satisfaction of the implicit and explicit requirements of the customer
• full compliance with the Service Level Agreements established with customers
  compliance with current regulations and international safety standards
• the guarantee of entrusting reliable and qualified partners with the processing of its information assets

Enerbrain SRL’s information security policy is guided by the following principles:

• Ensure that the organization has full knowledge of the information managed and an assessment of its criticality, in order to facilitate the implementation of the appropriate levels of protection.
• Ensure secure access to information, so as to prevent unauthorized processing or carried out without the necessary rights.
• Ensure that the organization and third parties cooperate in the processing of information by adopting procedures to comply with appropriate levels of security.
• Ensure the physical and logical security of information assets and operational assets.
• Ensure compliance with legal requirements and adherence to security commitments established in contracts with third parties.
• Ensure detection of anomalous events, incidents and vulnerabilities of information systems in order to comply with security and availability of services and information.
• Ensure corporate business continuity and disaster recovery, through the application of established security procedures.

The information security policy is formalized in the Information Security Management System, is constantly updated to ensure its continuous improvement, and is shared with the organization, third parties and customers through the corporate server, website and specific communication channels.

there 01.09.2023

The chief executive officer

Giuseppe Giordano