Integrated policy for Quality, Social Responsibility, Information Security and Business Continuity
Agilelab has a strategic mission to accompany companies towards the use of cutting-edge software that exploits artificial intelligence and real-time data entry. The activities carried out by the organization consist of:
- Research, study, design, creation and sale of computer, telematic, processing and computation systems.
- Design and implementation of technological and operational platforms for the management and storage of data of all types, including personal data.
- Creation, commercial management and consultancy for "virtual spaces" such as websites, social network platforms, forums.
- Application services (software development services, software maintenance, application management, specialist support and parameterisation and customisation of business solutions) and services similar to these.
Agilelab has created its own Management System compliant with international standards ISO 9001, SA8000, ISO 27001, ISO 22301 and ISO 27701, which allows it to guarantee internal efficiency, an adequate level of safety and internal worker satisfaction, information security and the protection of personal data, with a better predisposition to satisfy the needs of customers.
Agilelab has decided to adopt an integrated policy, in order to univocally direct the choice of strategies and consequent activities.
In defining its policy, Agilelab considered:
- The full satisfaction of customer expectations defined explicitly in the documents and implicitly in the need to be accompanied to the result;
- Compliance with mandatory requirements and with those established independently by the company, as well as with international regulations, universally accepted principles and fundamental ILO standards;
- The continuous improvement of its processes, through activities based on verifying their effectiveness, as well as their efficiency and, therefore, their real applicability to the production context;
- Analysis of risks and opportunities;
- Personal needs and expectations of members, administrators, but, above all, workers;
- Contributions expected from suppliers.
The company's priority commitment is to provide a service in line with market expectations, providing innovative services, constantly updated and in line with the requirements expressed by the customer.
Agilelab undertakes to maintain a high standard of its services and to guarantee compliance with their requirements.
Furthermore, it is committed to maintaining a policy of transparency. To this end, it has created a website that allows interested parties to view the characteristics of its services. Also significant is the information that can be deduced from the Handbook, for public consultation, containing all the information relating to the functioning of the company organisation, relevant for the staff involved in carrying out the activities and for external interested parties.
We believe that the IT sector has an important role to play in finding sustainable solutions for today's climate challenges.
We will engage with stakeholders in the fight against climate change through awareness-raising actions on the topic.
Through ISO 14064-1 certification, also called Carbon footprint, we are committed to monitoring the environmental impact of our activity throughout the entire life cycle (LCA), so as to allow us to adopt the most sustainable approach, in accordance with the corporate principles and the organizational structure implemented.
The ability to provide efficient and effective products and services, maintaining the necessary quality in relation to the price defined by the market, represents an essential requirement for the company.
Agilelab monitors the level of satisfaction of its customers, in order to verify the effectiveness of its processes and trigger corrective actions if they become necessary.
With this in mind, the company is committed to selecting its suppliers, paying particular attention to the need to guarantee a high quality service.
Agilelab undertakes to analyze the risks and opportunities to which it is exposed, as well as the market in which it operates and its competitors, in order to manage, in the most effective way possible, possible interferences and problems, before they materialize.
Agilelab, through its IT resources, is able to offer a high level product and service.
Information Security
The Management is the guarantor of protection from all threats, internal or external, intentional or accidental:
- of the information necessary for the business of agilelab;
- of its customers' information which is managed in the life cycle of the products and services, provided to them in compliance with the indications of EU Reg. 679/2016 and associated regulations, as well as the ISO 27701 and ISO 27001 standards.
The integrated management system of agilelab defines a set of organisational, technical and procedural measures to ensure that the basic security requirements listed below are met:
- Confidentiality: the information must be known only to those with appropriate privileges;
- Integrity: the information must be modifiable only and exclusively by those who have the privileges;
- Availability: the information must be accessible and usable when requested by processes and users who have the relevant privileges. Availability goals include resilience goals.
This policy defines the principles of information and personal data security that guide the behavior of the subjects to whom it is addressed, within the scope of the ISMS, as well as the implementation of processes, procedures, instructions, the adoption of practices and other controls within the ISMS.
Below are the principles that determine and support the definition and implementation of the Integrated Management System to guarantee information security:
- All information essential to the service (such as technical and commercial documents, source code, configuration information, emails relating to the service, information provided by customers, staff data, etc.) must be protected.
- All information to be protected must be managed according to the classification level attributed, in compliance with the relevant procedures, throughout its life cycle.
- Information security is a fundamental aspect of the success of agilelab and of achieving its business objectives.
- Maintaining the ISO 27001 and ISO 27701 certifications constitutes tangible, visible and assessable proof by third parties of the commitment of agilelab to guarantee information security and protect personal data.
- All those who come, in various capacities, into contact with the information to be protected have a direct role in the success of said protection. It is, therefore, the direct and explicit responsibility of these subjects to comply with the principles contained in this policy and in all applicable security policies related to it and to guarantee compliance.
- Information security is designed and implemented so as to be an integral part of ordinary business processes and behaviors, as well as defined so as not to jeopardize their adequacy for the purposes of the organization.
- The achievement of security objectives is governed through a risk-based approach, which involves the application of a risk management process that takes into consideration the context of the organization, the scope of application of the ISMS, and the objectives of the organization.
- The organization adopts a structured process for the management of information security incidents aimed at containing their impacts, identifying their causes and promoting their removal. All subjects affected by the ISMS are required to report anomalous or suspicious circumstances regarding the information.
Agilelab has dedicated competent personnel to:
- Issue all necessary regulations, including the type of classification of documents, so that the company organization can conduct its activities safely;
- Adopt criteria and methodologies for risk analysis and management;
- Suggest organizational, procedural and technological security measures to protect the security and operational continuity of activities;
- Periodically check the exposure of company services to the main threats;
- Verify security incidents and take appropriate countermeasures;
- Promote the culture of information security and personal data protection.
All external parties that have relationships with agilelab must guarantee compliance with the security requirements set out in this policy, also through the signing of a "confidentiality agreement" at the time the assignment is awarded, if not already expressly mentioned in the contract.
The information and data security objectives of agilelab are defined in relation to strategic and business objectives, in compliance with contractual commitments and current regulations. The achievement of these security objectives is planned, implemented, monitored and controlled with the support of a specific risk management methodology.
Business Continuity
The objectives of this Business Continuity Policy can be identified in the following points, shared by all the offices of agilelab:
- Guarantee operational continuity and minimize the impacts on the business in the event of a crisis, ensuring rapid restoration of the normal state of performance of activities;
- Protect the interests of agilelab and increase the trust of its customers and partners, guaranteeing the continuity of the service to respect the constraints deriving from current regulations and contractual obligations, as well as to ensure its reliability towards customers;
- Maintain an effective, real, certified Business Continuity Management System capable of proving effective in its practical application, compliant with the ISO 22301 standard.
The objective is to minimize compliance verification activities with customer requirements.
The principles that determine and support the definition and implementation of the ISMS to guarantee Business Continuity are expressed below:
- The Operational Continuity Management System is defined and maintained according to an outlined process and subjected to regular periodic review to ensure compliance with legal obligations, standards and recognized best practices;
- The business services and the factors involved in the provision (Personnel, organizational offices and ICT systems) are identified, assessed for criticality and documented on the basis of contractual, business and internal requirements;
- The analysis of the impacts on operational activities (BIA Business Impact Analysis) and the risk analysis are carried out on the services provided by the organization that fall within the scope of the management system, according to a defined process and on a regular periodic basis;
- The business continuity management system is directed and consequent to business needs. The Business Units play a central role in the strategic and executive definition of this system;
- All staff must be informed of the existence of the business continuity policies established in the company, have access to them and contribute responsibly to their application and improvement;
- Business continuity plans and disaster recovery plans are defined, documented and tested on a regular periodic basis to ensure the adequacy and continuous updating of the technical and organizational solutions adopted, as well as training plans for all staff and entities involved;
- Operational continuity is integrated into the management of changes and the development of new services, ensuring continuous improvement and increasing the organisation's resilience to adverse events;
- Third parties and subcontractors with a critical role in the provision of services must be aware of and comply with the business continuity policies adopted.
We are committed to continuously adapting and improving our Management System, as well as raising awareness and training our stakeholders regarding its correct application.
The General Management, based on the data provided by the Quality Manager, annually reviews and keeps its policy, objectives and related indicators updated, to ensure that these maintain their effectiveness.
Social Responsibility
The objective of this policy is to comply with all the requirements of the SA8000 standard for the protection of workers, in particular by expressly prohibiting child labor, forced labor, human trafficking and any form of discrimination, promoting the right of association and collective bargaining, respecting the disciplinary procedures envisaged by the applied CCNL and guaranteeing remuneration and working hours that comply with current regulations. The management of agilelab undertakes to pursue the objectives set out by adopting the tools provided by the Integrated Management System and, specifically:
- Conduct and review contextual factors and stakeholder needs by identifying and evaluating system risks and opportunities;
- Ensure that the Integrated Policy is disseminated, understood and implemented at all company levels, by all those who operate on behalf of Agile Lab, as well as made available to all interested parties;
- Use technologies aimed at continuously improving product quality, environmental protection and safety, as well as adopting the best techniques available on the market to improve the performance of the works;
- Communicate the policy and objectives of the integrated management system to stakeholders;
- Communicate company performance, through the provision of the Sustainability Report, to all stakeholders, encouraging their involvement;
- Train and raise awareness of all staff and, in particular, company managers of the implementation of the Integrated Management System, so that the guidelines of this policy and the concrete objectives regarding quality, environment, safety and social responsibility are understood and implemented by all staff at various levels;
- Periodically evaluate, by means of internal audits, the conformity of the Integrated Management System with the reference standards, with its own policy and with what is planned and programmed; in particular, verifying the achievement of the set objectives through periodic management reviews;
- Continuously improve the Integrated Management System based on the results of the reviews;
- Implement the involvement of all workers in company life through the introduction of procedures and tools to encourage dialogue and improve the company climate;
- Implement the continuous improvement of communication, information and stakeholder involvement channels;
- Promote supplier involvement and implement awareness/monitoring systems in order to verify compliance with worker health and safety and social responsibility requirements.
Any complaint regarding aspects relating to the application of the SA8000 standard by Agile Lab can be forwarded directly to the email segnalazioniSA8000@agilelab.it
For SAI, SAAS and TÜV references in relation to SA8000 certification, the contact details are:
SAI
New York, USA
Phone: 212-684-1414
Fax: 212-683-8867
Email: info@sa-intl.org
SAAS
Social Accountability Accreditation Services
Tel: (212) 391-2106
Fax: (212) 684-1515
Email: saas@saasaccreditation.org
TÜV Italia SRL
tel: +39 02 24130 1
Fax: +39 02 24130 399
Email: tuv.ms@tuvsud.com
Updated: 30/10/2024