Governance

Code of Ethics

Swascan has considered it appropriate to adopt a Code of Ethics and Conduct, in line with the provisions of the Tinexta S.p.A. group, aimed at indicating the moral and professional values and standards from which the company takes its inspiration in carrying out its business and optimising it in terms of efficiency.

The purpose of this Code of Ethics is to ensure moral standards when it comes to relations within and outside the company and to optimise them in terms of efficiency, in order to guarantee clear behavioural guidelines as well as preserve a positive corporate reputation.

Through the Governance Risk & Compliance team, in pursuing its goals and carrying out its activities, Swascan verifies and ensures compliance with laws and company procedures.

In carrying out their activities and in exercising their responsibilities, Swascan employees must ensure their behaviour is inspired by criteria of correctness, transparency and objectivity.

Integrated policy for information quality and security

Since 2016, Swascan has made Cybersecurity its core business, quickly becoming a reliable, recognised player in the sector.

For this reason, information security is an essential part of the corporate DNA and represents an indispensable factor when it comes to protecting its information assets and those of its customers.

In Swascan, security plays a permanent role in the daily operational life of the company and also during all phases of service provision: analysis, design and commissioning of the services provided as well as customer service, considered a primary asset for the company. As a natural evolution, the Swascan S.r.l. management team has decided to implement an integrated management system based on the ISO 9001:2015 and ISO/IEC 27001:2013 standards, together with the two extensions ISO/IEC 27017 and ISO/IEC 27018 related to the security of cloud environments and the protection of PII (Personally Identifiable Information).

Swascan undertakes to pursue a policy that places the security of information at the heart of the company’s operations, always maintaining its commitment to achieving the goals set, namely the satisfaction of all stakeholders and in particular of the Customer, while guaranteeing continuous improvement of the effectiveness of its Company Management System at the same time.

Purpose and Scope 

Swascan S.r.l.’s Integrated Management System has the following scope: provision of SOC services, offensive security, development and operational management of the platform.

Goals 

Swascan S.r.l. bases its business and the Integrated Management System on the achievement of the following major general goals:

  1. guaranteeing the best standards, optimising and rationalising company processes and tools;
  2. guaranteeing the effectiveness of the Integrated Management System;
  3. implementing state-of-the-art services in a consistent, ongoing manner, meeting customer requests and applicable mandatory requirements, guaranteeing the ongoing reliability, operational continuity and the most effective use of the company resources available;
  4. preserving the image of the company as a reliable, competent supplier in the best possible way;
  5. guaranteeing high levels of performance for the services provided.

With a more specific focus on information security, Swascan S.r.l. intends to formalise the following goals with this policy:

  • Protecting its information assets and those of its customers;
  • Adopting measures to ensure staff loyalty and professional growth and increasing the level of awareness on security issues among its staff;
  • Fully complying with the indications of current mandatory legislation;
  • Implementing suitable Business Continuity and Incident Management solutions;
  • Defining adequate security procedures and rules for the management of access controls to systems, from inside and outside the network, and of the physical and logical protection of systems with all the state-of-the-art technological tools available;
  • Defining adequate procedures and safety rules for the supervision of networks and systems;
  • Adopting a selective policy for the exchange of information, in particular with the outside world through the use of a specific classification of information.

All staff must work to achieve the security objectives when managing information.

The application of the management system therefore requires full participation, commitment and effective interaction of all human and technological resources. The continuous growth of the service level will be pursued through regular reviews, aimed at monitoring the pre-established goals and recognising any areas for improvement.

The company’s goal is to ensure an adequate level of data and information security in the design, development and provision of the service and related company services, through the identification, assessment and treatment of the risks to which the services themselves are subject.

General principles 

Swascan S.r.l.’s integrated system defines a set of organisational, technical and procedural measures aimed at guaranteeing the satisfaction of the three principles underlying information security:

➢ Confidentiality, i.e. the fact that information may only be known to those with the correct privileges;

➢ Integrity, i.e. the fact that information may only be modified by those with the correct privileges;

➢ Availability, i.e. the fact that information must be accessible and usable when required by the processes and users with the correct privileges.

Furthermore, in order to ensure effective application of the company policy, the implementation of the ISMS is based on the following principles:

  • Satisfying customer expectations

Customer satisfaction is a strategic objective for Swascan S.r.l.: loyalty is a tangible demonstration of the validity of this approach. Swascan’s services meet customers’ implicit and/or explicit standards and requirements.

  • Corporate culture

Corporate culture with a focus on quality, information security and privacy is experienced and applied at all levels of the organisation, ensuring all employees have the necessary skills in relation to the role assigned, providing for targeted training and development paths.

  • Ethical and responsible behaviour

Swascan S.r.l. undertakes to comply with all legal and ethical requirements, honouring the highest professional standards while carrying out its business on a daily basis.

  • Process excellence

Swascan S.r.l. pursues process excellence through a systematic focus on continuous improvement.

The goal is to achieve the highest level of efficiency, while respecting the protection of the environment and the health and safety of all workers and interested parties, also guaranteeing an effective provision of services and information security.

Organisational Model pursuant to Italian Legislative Decree 231/2001

Swascan S.r.l. has a set of rules, processes and procedures aimed at preventing crime through the adoption of an adequate organisational management and control system.

In particular, the Company has adopted an “Organisation, Management and Control Model” provided for by Article 6 of Italian Legislative Decree no. 231/01, constantly updated in relation to regulatory and organisational changes in the company.

It should also be noted that, with the resolution of the Board of Directors of 26 July 2021, the Company adopted an organisational model aimed at ensuring conditions of fairness and transparency in the conduct of company activities, to protect its own position and image and that of the Group, as well as the work of its employees and based on the specific requirements dictated by Italian Legislative Decree 231/2001. This organisational model is divided into two sections called “General Provisions” and “Provisions relating to sensitive processes” respectively. With reference to the “General Provisions” of Swascan’s organisational model, it should be noted that, in addition to qualifying the scope and contents of Italian Legislative Decree 231/2001 in the corporate context, this part describes: (i) the goals and methods for verifying and updating the model; (ii) the organisation and functioning of the supervisory body; (iii) the communication and training processes implemented by the Company; (iv) the identification of activities at risk of committing crimes; (v) the identification of sensitive processes relating to areas at risk; (vi) the protocols for making and implementing decisions; (vii) the methods for managing financial resources; (viii) the information flows to the supervisory body.

Supervisory Body (SB)

In compliance with the provisions of Article 6, paragraph 1, letter b) of Italian Legislative Decree 231/01, a specific corporate body (Supervisory Body) has been set up, with the task of continuously supervising the effective functioning and observance of the Company’s Model 231, as well as updating it, proposing changes and/or additions to the Board of Directors in all cases in which, pursuant to the Decree, this becomes necessary.

The Supervisory Body currently in office was appointed by resolution of the Board of Directors and is a single-person body, represented by Gianluca Rosboch, chosen from employees in the Tinexta S.p.A. Group, with adequate training and professionalism and in possession of autonomous powers of initiative and control as provided for by Article 6 of Italian Legislative Decree 231/2001.