Information security policy
Revision No. 03, issued on January 26, 2025
TO ALL EMPLOYEES
COLLABORATORS
STAKEHOLDERS
Targa Telematics S.p.a. is an important international company active in the field of applied IT. With a business focused on the development of solutions that enable connection and communication with, from and between objects (IoT), value-added services that save time, energy and money.
The information assets processed by Targa Telematics represent the main resource useful for providing services dedicated to its customers based on cloud platforms and as such, it must be adequately protected with a constant balance between the level of risk and the degree of protection required, correctly combining the need to protect the value of information with the need to ensure the efficiency, effectiveness and continuity of business processes.
To do this, Targa Telematics has decided to implement the information security management system as required by the UNI CEI ISO/IEC 27001:2017 standard extended to the controls provided for by the UNI CEI EN ISO/IEC 27017:2015 and UNI CEI EN ISO/IEC 27018:2019 guidelines in order to guarantee:
- Confidentiality – information accessible only to duly authorised subjects and/or processes;
- Integrity – safeguarding the consistency of the information from unauthorised changes;
- Availability – ease and certainty of access to the necessary information;
- Privacy – guarantee of protection and control of personal data.
According to the European laws and standards to ensure the citizens’ rights about the processing of their personal data that are always considered in customers and supplier’s agreements.
To this end, the guidelines regarding the security of the information chosen are:
- Priority in guaranteeing customers within the products delivered all 4 of the above characteristics (RID and Privacy);
- To ensure that all employees are fully aware of the information managed and of the assessment of its criticality and the consequent behaviours to be maintained since they are assessed as adequate in the risk assessment;
- Prevent unauthorised processing of information;
- Collaborate with third parties involved in the processing of information according to procedures that guarantee adequate levels of security;
- Manage anomalies and incidents that could have repercussions on the information system and company security levels promptly and correctly through efficient prevention, communication and reaction systems in order to minimize the impact on the business;
- Always operate in accordance with the legal requirements and compliance with the security commitments established in the contracts with third parties;
- Ensure business continuity and disaster recovery, through the application of established security procedures;
- Protect customer information in an adequate and constant way, as an added value of our service and reassure them about the correct management of their information by Targa Telematics.
Failure to comply with this policy exposes the company to serious risks both for internal information and for that of customers and suppliers, with high risks of economic damage and business continuity as well as indirect damage such as reputational damage. Moreover, the management undertakes to:
- Ensure the necessary resources for the effective protection of information;
- Implement and support this Policy, and disclose it to all stakeholders;
- Define information security objectives;
- Manage anomalies and incidents that could have repercussions on the information system and company security levels promptly and correctly through efficient prevention, communication and reaction systems in order to minimize the impact on the business;
- Periodically review the objectives and the Information Security Policy to ensure their continued suitability.
The Chief Executive Officer