1. Purpose and field of application

The purpose of this document is to describe the general principles defined by OMNYS S.r.l. in order to develop a functional Integrated Management System according to ISO 9001:2015, ISO/IEC 27001:2022 and ISO 22301 standards.

2. Description

For OMNYS, the delivery of innovative services in the IT sector is inspired by the following general lines:

• to work as a partner with the client on each project, rather than simply being a supplier;
• being innovative, constantly challenging our beliefs and adopting different perspectives every day, as the IT services industry is constantly changing;
• ensure the effective and continuous security of the customer, in accordance with the quality and regulatory standards required by the current market, giving the utmost attention to this aspect in our business activities;
• to achieve customer and stakeholder satisfaction as a key element of business success;
• the experience and expertise of the company's professionals are crucial to achieving excellent results;
• professionalism and proactivity are the optimal tools for the consistent and continuous implementation of information security systems;
• paying attention to climate change issues.

3. Scope of application

For these reasons, OMNYS has implemented an Integrated Management System in accordance with the requirements of ISO 9001, ISO/IEC 27001, ISO 22301, Data Protection, Cybersecurity and mandatory legislation. This is a means of better managing quality and information security within the company, with the essential aim of ensuring business continuity.

4. Integrated Management System Policy

The OMNYS Integrated Management System Policy represents the organisation's commitment to customers and third parties to ensure the quality, information security and business continuity of the physical, logical and organisational tools used to process information in all activities.

In line with its strategies, OMNYS has outlined its Integrated Management System Policy with the aim of achieving full customer satisfaction and improving customer performance, focusing on the following objectives:

1. Ensure customer satisfaction through continuous management and monitoring of customer needs;
2. Ensure that services provided are in compliance not only with contracts, but also with applicable regulations and market standards;
3. Continually improve products and services to meet established standards;
4. Optimize efficiency to maximize business profitability;
5. Minimize time to market for services and solutions;
6. Encourage the professional growth of the company's employees;
7. Involve all employees in the application and improvement of the Integrated Management System;
8. Optimize service delivery times while maintaining high quality standards;
9. Periodically assess information security risks to reduce them to acceptable levels and protect information assets in terms of confidentiality, integrity and availability;
10. Ensure secure access to information to prevent unauthorized or improper processing;
11. Address anomalies and incidents in a timely manner to minimize business impact;
12. Reduce (and possibly eliminate) the number of information security incidents and ensure business continuity and disaster recovery through established security procedures;
13. Manage business continuity to prevent, respond to and recover from incidents and disruptions that could affect the continuity of delivered and internal services;
14. Maintain compliance with information security laws and regulations, as well as security obligations established in contracts with third parties;
15. Ensure that only authorized personnel have access to the operational headquarters and individual company facilities, thereby ensuring the security of the areas and assets present;
16. Ensuring awareness of and commitment to implementing environmental sustainability and climate change measures.

5. Accountability for the Integrated Management System Policy

The Management is responsible for the Integrated Management System, in line with the evolution of the business and market context, evaluating any actions to be taken in the face of events such as:

• significant business evolutions,
• new threats compared to those considered in the risk analysis activity,
• significant security incidents,
• evolution of the regulatory or legislative context regarding the secure processing of information.

6. Policy life-cycle and Continuous improvement

The policy is formalised in the Integrated Management System (IMS), is constantly updated to ensure its continuous improvement, taking into account the evolution of the business environment and the analysis of potential information risks, and is reissued as necessary and communicated to the entire company, third parties and customers through specific communication channels.