Information Security Policy

To guarantee the maximum satisfaction of its customers, and more generally, of all interested parties, the Management of Rulex defined its “Information Security Policy” by framing it in a broader vision of the general corporate strategy and its positioning in the market.

The company’s strategy is inspired by the following general lines:

  • To be the customer’s partner on every project and not just suppliers,
  • Be innovative, questioning one’s own beliefs every day and seeing things differently every day, because Cybercrime is constantly evolving and looks for holes precisely in the habits of protection systems.
  • The real and continuous security of the customer, in line with the qualitative and regulatory standards required by the current market, is the first point of attention of the activities carried out by the company.
  • The satisfaction of its customers and its stakeholders represents a winning element for the company.
  • The expertise of the specialists present in the company is the winning approach.
  • Professionalism and proactivity are the best tools for constantly and continuously implementing cyber security systems.
  • Be positive, because cyber security is not just a response to a problem, but if done consistently and efficiently it is also an opportunity to optimize and save money.
  • Promote safety, environmental protection, quality, human rights, asset protection and social responsibility.
  • Contribute to raising company standards and offer services always aimed at continuous improvement.
  • Comply with applicable laws, rules, and regulations, including the Company’s Code of Ethics.

Our teams strive every day to enhance the features and efficiency of our solutions, as well as the development of workflows to ensure a seamless alignment between our solutions and our customers’ processes.

We aim to provide our customers with strategic solutions that cater to their specific requirements, going beyond mere compliance with regulations and addressing the ever-evolving landscape of new threats.

Precisely in this perspective of improving the current procedures concerning Information Security, the Company acts as a guarantor to provide sufficient guarantees and adequate controls on Security, to protect the interest of the customer as well as that of the public.

Thus, in line with its own strategies, Rulex has defined its “Information Security Policy” in the commitment to pursue full customer satisfaction and to improve its performance by aiming to:

  • Guaranteeing to its customers the creation and provision of products and services that comply not only with the contract but also with current regulations and market standards and best practices.
  • Pursuing the continuous improvement of its products and services necessary for the realization of the previous point.
  • Achieve levels of efficiency appropriate to the established mission to optimize the company’s profitability.
  • Provide high-level services, promoting quality and promoting the diffusion of the principles and behaviors on which the Information Security Policy is based towards all customers.
  • Operate in the interest of the community, contributing to the protection of the environment, the safety of human life, the protection of property and social responsibility.
  • Contribute to the preservation of the environment and sustainable development, as a Designated Operating Entity under the Kyoto Protocol.
  • Evaluate the internal and external context in which it operates, to determine the business opportunities and related risks.
  • Improve the level of satisfaction of customers and interested parties, through an approach aimed at an ever better understanding of their needs and expectations.
  • Consolidate the image, good reputation, and high level of professionalism, adopting suitable programs, objectives and commitment as regards the quality of services and the training and qualification of the personnel concerned.
  • Continuously check the effectiveness of the Policy and ISMS, through suitable performance indicators and objectives, with particular attention to those relating to safety and pollution prevention.
  • Implement the necessary measures to achieve the set objectives, carrying out periodic reviews and reporting the results for continuous improvement.
  • Minimize the time to market of its services and solutions.
  • Continuously feed the personnel growth process necessary for the company that the company has set itself.
  • Involve and make all personnel aware of the issue of application and improvement of the Information Security Management System,
  • Always be compliant with applicable laws and regulations.
  • Optimizing the implementation and delivery times of services and solutions to reduce them, while maintaining the same quality levels.
  • Periodically evaluate the information security risks of all interested parties, to reduce them to acceptable levels.
  • Protect its information assets and that of the interested parties in terms of Confidentiality, Integrity, and Availability.
  • Reduce, possibly eliminate and in any case manage the number of information security incidents.
  • Meet all applicable and mandatory information security regulatory requirements.

The Management will provide the necessary resources and support necessary to achieve the objectives of continuous improvement of the Information Security Management System and is responsible for its effectiveness.

The Information Security Management System identifies and considering the requirements deriving from the evolution of the context in which it operates. Management undertakes to ensure adequate “commitment” on safety issues, ensuring that safety objectives are integrated into company processes and achieved.

To guide people’s approach to safety and quality, Rulex considers it appropriate to adopt the following principles:

  1. The analysis of the security risk of the information processed is the main driver of commercial and planning activities.
  2. The controls are applied to guarantee adequate levels of protection against threats considered relevant to the data/information which represent the real “treasure” of the companies.
  3. The level of protection identified is always compliant with the regulatory provisions in force (e.g.: GDPR, NIST, 231, etc…), as well as with market best practices.
  4. Information management responsibilities are formally assigned and include, inter alia, the risk analysis of each piece of information and the consequent definition of levels and methods of protection, quality, retention.
  5. The company works to safeguard the confidentiality, integrity, and availability of information by integrating it into its life cycle.

In line with the principles set out, Rulex undertakes to implement and disseminate its Information Security Policy, guaranteeing the resources and conditions necessary for its implementation, periodically reviewing it to verify the actual performance and achievement of the indicated objectives.

Date 1/8/2023 Rel.1.0