Information and data security policy

1 Introduction

1.1 Scope

MSA Mizar SpA defines the Group’s information and personal data security policy with respect to the implementation of an information and personal data security management system in accordance with ISO/IEC 27001 and for the purpose of compliance with EU Regulation 2016/679 (General Data Protection Regulation, so-called « GDPR »).

1.2 Scope of Application

This policy applies to MSA Mizar SpA and to all Group companies, in accordance with its coordination and control function.
Mizar ensures that all Group companies adopt an adequate level of protection for the personal data they process, both as Data Controller and as Data Processor, in full compliance with the provisions of the GDPR.

2 Information and data security policy

MSA Mizar bases its policy on the principles of maximum functionality, effectiveness and efficiency.
MSA Mizar recognizes the protection of information security and personal data as a fundamental principle for safeguarding all stakeholders, whether they are companies or individuals.
The centrality of stakeholders necessitates that these aspects be incorporated into business processes and applications from the system design stage.
Their security is ensured both in the performance of internal operational processes and throughout the entire cycle of service provided to customers.
Security and Privacy requirements are assessed and managed within the MSA Mizar group’s procedures and processes both at the time of their definition and as default settings according to « Security by design and default » and « Privacy by design and default » principles.
MSA Mizar also ensures visibility and transparency of operational processes by empowering its employees to simplify procedures and ensure easy access for customers and suppliers, while respecting information security.
MSA Mizar establishes an Information Security Management System (ISMS) in accordance with ISO/IEC 27001 to secure and protect its own information and the information of its customers and stakeholders from threats, through a constant process of risk assessment.
MSA Mizar ensures information availability, the protection of information assets according to their sensitivity, and safeguards against unauthorized access or modification.
MSA Mizar requires that all its resources, including personnel, information, systems, and infrastructure, ensure the confidentiality, integrity, and availability of information in the performance of its services in the market, through specific controls designed to meet regulatory and mandatory requirements, with particular reference to the regulations applicable to the protection of personal data.
The information security management system (ISMS) defines the objectives pursued by MSA Mizar regarding information security.
Management is committed to the continuous improvement of information security management.

2.1 Management Obligations – Objectives

MSA Mizar establishes and maintains the ISMS in accordance with the current international standard ISO/IEC 27001.
The goals of information security are as follows:

  1. Protect information related to MSA Mizar’s procedures including information about citizens, companies, and internal employees by safeguarding the confidentiality, integrity, and availability of the information.
  2. Ensure proper access to accurate information and its availability, while preventing unauthorized access.
  3. Outline and implement security measures within the defined scope of the ISMS to protect information from breaches, misuse, and fraud.
  4. Prevent unauthorized access to or changes of Personally Identifiable Information and protect the rights of data subjects from adverse impacts, in adherence to the principle of accountability under Art. 5.2 GDPR.
  5. Define external authorities and internal roles and responsibilities for information
  6. Support MSA Mizar staff with appropriate education and training to raise awareness of information security to minimize risks.
  7. Ensure business continuity in the event of an adverse scenario (such as during a crisis or disaster).
  8. Ensure compliance with ISO/IEC 27001.
  9. Maintain compliance with contractual, legislative and regulatory provisions, particularly on information protection.

2.2 Implementation of the ISMS

MSA Mizar’s ISMS encompasses all policies, objectives, and procedures put in place to achieve information security objectives. Therefore, the scope of the ISMS includes all activities and processes regarding operational, administrative and support procedures.
Compliance with this information security policy is mandatory for all employees, suppliers, contractors, partners, and external parties that handle information of MSA Mizar. All managers are directly responsible for the implementation of the policy and compliance with it by personnel in their respective departments.
The MSA Mizar Board of Directors is aware that information security involves human and organizational resources, which must be deployed for continuous improvement of the information security management system.
The MSA Mizar Board of Directors shares the principles and objectives of the ISMS and fully supports its implementation and maintenance by providing the necessary resources for this purpose.
The Board of Directors approves and issues this Information Security Policy that represents the main document of reference for all other ISMS documents and must be communicated and made available to all interested parties.

2.3 Relevant policies and protection of records

MSA Mizar has established, approved, published and communicated to employees and stakeholders a set of information security policies. These policies are available to interested parties upon request and on the company’s website.

2.4 Review

This policy is subject to review on a periodic basis and/or in the event of significant changes regarding information security to ensure its suitability, adequacy, and effectiveness.

MSA Mizar S.p.A.
7/1/2025
Board of Directors