Integrated management system policy
The activities of our company must be carried out with respect for customers, but also with respect for ourselves.
The contribution of human resources is therefore crucial to the continuity and development of our company.
Only through a team spirit willing to change and a modern outlook can we meet the challenges and achieve the goals we set for the future.
Change must be directed toward the realization of continuous improvement in all activities of our company.
All incoming information from our internal and external context must be the yardstick for measuring the quality of our work and the satisfaction of our customers.
We must always be critical in analyzing our methodologies; we must always be alert to what our competitors are doing.
A continuous review of what we do and how we do it will give us continuous improvement in every area.
The rules we have given ourselves and will give ourselves in the future are for us the fundamental principles of our corporate life.
In keeping with these principles, the company promotes all necessary actions so that processes and activities are geared toward achieving the following goals:
- Maximize customer satisfaction at every point of contact with the business organization
- Develop innovative projects and services that meet and anticipate customers’ expectations
- Optimize and improve the service provided by assigning the external customer (clients and users) and the internal customer (employees and contractors) a central role in the company’s improvement strategies and processes
- Communicate appropriate information to suppliers to ensure their involvement in the application of the principles of this quality policy
- Research new technologies that can make the services offered increasingly efficient and reliable, achieving the highest level of effectiveness and flexibility
- To enhance human resources and their professional growth at all levels through the establishment of awareness, training and membership programs
- To spread the culture of quality, through appropriate information actions towards its employees and collaborators to increase their awareness, involving them in the definition and implementation of continuous improvement within the company
- Fostering a work environment inspired by respect, fairness and cooperation, with the involvement and empowerment of all resources engaged as an active part of the company in the achievement of set goals
- Adopt an organization geared toward analyzing the operating environment, stakeholders and risks through careful evaluation and management of critical issues
- Adopt a process-oriented organization that provides methods for measuring the performance and processes of the quality management system, through the definition of monitoring indicators
- Continuously improve the effectiveness of the quality management system by establishing a structured framework of indicators and objectives aimed at increasing business competitiveness
- Act in full compliance with applicable national and international regulations and laws applicable to the company’s business sector
- Implement continuous technological innovation and knowledge development to stay aligned with current tools and working methodologies.
In the area of information security, Bitia has set itself the goal of preserving its own and its clients’ interests by protecting information assets and paying special attention to the aspects of:
- Confidentiality, integrity and availability of information
- level of service
- legal requirements
- business continuity
- management of all security breaches
To this end, the organization strives to pursue information security:
- Using good practices to protect the organization’s information from internal or external threats, whether intentional or accidental
- Aligning information security management with the organization’s strategic risk management framework
- Setting information security objectives and establishing guidelines and principles for action
- Establishing criteria for risk assessment and risk acceptance
- Controlling access to information resources, based on business and security needs
- Protecting information and physical media in transit
- Protecting the information managed by enterprise information systems
- Applying procedures for information sharing
- Ensuring the protection of customer data and their proprietary information residing at the organization’s headquarters
- Ensuring compliance with legal requirements and principles related to information security in contracts with third parties
- Encouraging awareness of information security issues to all staff and throughout the employment relationship
- Observing the clean desk policy for documents and removable storage media
- Observing the clean screen policy for information processing services
- Implementing appropriate security measures for Notebooks and Smartphones and to communications
- Using appropriate cryptographic systems to protect information
- Establishing rules for the development of systems and the application of those rules to developments within the organization
- Prohibiting the use of unauthorized software and complying with intellectual property rights laws
- Protecting organizational and privacy data
- Managing information security incidents in a timely manner
- Preparing a continuity plan to deal effectively with an unforeseen event by ensuring that services are restored in accordance with existing contractual arrangements
- Enforcing disciplinary actions and discouraging staff misuse of information and data services
- ensuring compliance with the provisions of Law, statutes, regulations or contractual obligations and any requirements inherent to information security, including the requirements set forth in the UNI CEI ISO/IEC 27001 standard, while minimizing risks of penalties, data loss or reputational damage
Our training paths must ensure that everyone understands our philosophies and rules.
Sharing language must be the basis for effective internal communication.
Everyone must operate according to the provisions of our integrated management system, respecting roles, duties and responsibilities.
The effectiveness of our integrated management system is continuously monitored through periodic appointments by management and corporate officers, where specific benchmarks are checked and there are periodic inspections at all levels, conducted by both internal staff and external auditors.
It is also our policy to publicize these concepts and to entice and convince the network of suppliers, colleagues, consultants and collaborators that this is the best way forward in order to enhance the value of our work more and more.
This is our policy for quality and information security, and to this end we have built and must periodically review and maintain effective, an integrated management system that applies what is required by the international standards UNI EN ISO 9001 and UNI CEI ISO/IEC 27001 and meets their applicable requirements.
Chief Executive Officer Sergio Pellanda