Altilia Policy for the Security of Information Processed in the Cloud

To ensure the highest level of security for information processed within SaaS services provided to its clients, Altilia is committed to addressing all aspects related to Information Security, as prescribed by the primary applicable regulatory frameworks. This is aimed at safeguarding the confidentiality, integrity, and availability of its informational assets and those of its clients who choose to use the dedicated SaaS solutions.

Achieving adequate security levels helps mitigate and counteract losses and/or damage that could affect individuals, the corporate image and reputation of both Altilia and its clients, as well as economic and financial aspects. It also ensures compliance with the contractual and legal frameworks in force regarding service continuity and protection from significant incidents.

As such, Altilia has set the following objectives, achievable through the implementation of an effective Integrated Management System, which includes aspects related to Information Security:

• Adopt and implement recognized principles and best practices to ensure Information Security and promote the acquisition of certifications that conform to international reference standards.
• Apply technical and organizational measures in the management, administration, and delivery of SaaS services reserved for its clients to ensure high standards of information security and quality of the services provided.
• Define roles and responsibilities to be assigned to employees at all hierarchical levels, involving third parties holding key roles as needed.
• Allocate the necessary resources to ensure the adoption of appropriate measures concerning the logical security of the technological infrastructures implemented in the cloud.
• Promptly notify, where necessary, the possibility of utilizing multi-tenant services, while fully ensuring the segregation of information among different clients.
• Implement appropriate response and management measures in the event of occurrences that may compromise information security and normal operations.
• Develop an awareness program for staff through regular informational and training sessions.
• Commit to continuously improving and evolving the Management System by planning, executing, verifying, and continually implementing measures aimed at countering potential events that could compromise Altilia’s and its SaaS clients’ informational assets.

Additionally, through this Information Security Policy, Altilia declares its commitment to providing adequate support and effort in achieving compliance with the applicable regulations on the protection of personal data. All personal data processed on cloud systems, implemented for the provision of SaaS services, will be handled in accordance with current legislation on the subject, and, where applicable, consistent with any additional conditions expressed by the Data Controllers, in accordance with the limits and methods specified by the applicable legal provisions.

Rende (CS) Italy, 01/07/2024