Security policy

Information Security Policy

The information security policy of Alias Srl represents the organization’s commitment to ensuring the security of information, as well as the physical, logical, and organizational tools used for data processing across all activities.

Alias Srl defines its information security policy for the implementation of an ISMS (Information Security Management System) in compliance with the ISO/IEC 27001:2022 standard.

This means establishing and maintaining a secure information management system by adhering to the criteria of Confidentiality, Integrity, and Availability.

The following principles are considered fundamental by the company’s top management and remain constant even in the event of policy updates:

  • Continuous improvement of the system’s effectiveness
  • Ensuring compliance with confidentiality, availability, and integrity requirements for all processed information
  • Guaranteeing business continuity

In managing the services offered by Alias Srl through its technological infrastructure, the company ensures:

  • Full compliance with the Service Level Agreements (SLA) established with customers
  • Adherence to current regulations and international security standards

The information security policy of Alias Srl is inspired by the following principles:

  1. Ensuring access control
  2. Establishing information classification (and handling)
  3. Ensuring the physical and environmental security of the workplace
  4. Adapting codes of conduct for internal and external collaborators, such as:
    • Acceptable use of assets
    • Best practices regarding clean desk and clear screen
    • Regulated use of mobile devices and teleworking
    • Restrictions on software installation and usage
  5. Verifying the correct creation of backups by providers, checking their integrity through regular restores, and replicating these backups in local archives
  6. Establishing procedures for secure information transfer
  7. Providing protection against malware
  8. Identifying, monitoring, and managing technical vulnerabilities
  9. Providing cryptographic controls where necessary
  10. Ensuring communication security
  11. Complying with current privacy and personal data protection regulations
  12. Regulating relationships with suppliers in accordance with ISO 27001

This policy applies to the following scope of activities carried out by Alias Srl:

  • Software design and development
  • Design and construction of websites
  • Electronic graphics