Information Security Policy
MPS Monitor Srl, being aware of the importance of good information security management for its business and for customer satisfaction, has decided to design and implement an Information Security Management System (ISMS) which conforms with the requirements of the UNI CEI ISO /IEC 27001 standard, 2014 edition, and is adapted to the context described in the ISMS Area of Application document.
The Information Security Management System of MPS Monitor Srl has been certified as compliant to the UNI CEI ISO/IEC 27001:2014 standard, from the accredited certification body TÜV Italy, who issued the Certificate n. 50 100 13777.
General objectives for the Information Security Policy
The general objectives which MPS Monitor Srl sets out in this Policy are:
- To guarantee to each Client that its information will be processed according to the fundamental requirements of confidentiality, integrity and availability;
- To improve its document system to facilitate and highlight the correct application of all the obligations related to Italian Legislative Decree 30th June, 2003, no. 196, the Personal Data Protection Code and to the EU regulation 2016/679 – GDPR;
- To mantain ISO/IEC 27001 certification.
These objectives form a reference framework for the definition of further, more detailed and measurable objectives referring to both legal and regulatory aspects, as well as cybersecurity.
MPS Monitor Srl undertakes to:
- Make a quantitative assessment of information security risks, and establish acceptability criteria and processing methods;
- Identify the reference control objectives and controls as set out by the ISO 27001 standard and applicable to its productions activities;
- Monitor the performance of the Information Security Management System, both in terms of risk impacts and the degree of implementation of objectives;
- Communicate the Information Security Policy to all parties concerned, in particular clients and suppliers, in order to involve them in the continuous improvement of the system.