1. Purpose and field of application

The purpose of this document is to describe the general principles defined by OMNYS S.r.l. in order to develop a functional Integrated Management System according to ISO 9001:2015 and ISO/IEC 27001:2022 standards.

2. Description

For OMNYS, the delivery of innovative services in the IT sector is inspired by the following general lines:

• to work as a partner with the client on each project, rather than simply being a supplier;
• being innovative, constantly challenging our beliefs and adopting different perspectives every day, as the IT services industry is constantly changing;
• ensure the effective and continuous security of the customer, in accordance with the quality and regulatory standards required by the current market, giving the utmost attention to this aspect in our business activities;
• to achieve customer and stakeholder satisfaction as a key element of business success;
• the experience and expertise of the company's professionals are crucial to achieving excellent results;
• professionalism and proactivity are the optimal tools for the consistent and continuous implementation of information security systems.

3. Scope of application

The OMNYS Integrated Management System Policy applies to all internal employees and third parties involved in all processes related to the marketing, design, implementation, commissioning, delivery and ongoing support of the services provided.

4. Integrated Management System Policy

The OMNYS Integrated Management System Policy represents the organization's commitment to customers and third parties to ensure the quality and security of information, physical, logical and organizational tools used to process information in all activities.

In line with its strategies, OMNYS has outlined its Integrated Management System Policy with the aim of achieving full customer satisfaction and improving customer performance, focusing on the following objectives:

1. Ensure customer satisfaction through continuous management and monitoring of customer needs;
2. Ensure that services provided are in compliance not only with contracts, but also with applicable regulations and market standards;
3. Continually improve products and services to meet established standards;
4. Optimize efficiency to maximize business profitability;
5. Minimize time to market for services and solutions;
6. Encourage the professional growth of the company's employees;
7. Involve all employees in the application and improvement of the Integrated Management System;
8. Optimize service delivery times while maintaining high quality standards;
9. Periodically assess information security risks to reduce them to acceptable levels and protect information assets in terms of confidentiality, integrity and availability;
10. Ensure secure access to information to prevent unauthorized or improper processing;
11. Address anomalies and incidents in a timely manner to minimize business impact;
12. Reduce (and possibly eliminate) the number of information security incidents and ensure business continuity and disaster recovery through established security procedures;
13. Maintain compliance with information security laws and regulations, as well as security obligations established in contracts with third parties;
14. Ensure that only authorized personnel have access to the operational headquarters and individual company facilities, thereby ensuring the security of the areas and assets present.

5. Accountability for the Integrated Management System Policy

The Management is responsible for the Integrated Management System, in line with the evolution of the business and market context, evaluating any actions to be taken in the face of events such as:

• significant business evolutions,
• new threats compared to those considered in the risk analysis activity,
• significant security incidents,
• evolution of the regulatory or legislative context regarding the secure processing of information.

6. Continuous improvement

The Policy is formalized in the Integrated Management System (IMS), continuously updated to ensure its continuous improvement, and communicated to the organization, third parties and customers through dedicated communication channels.