Our policy

As a prominent international company, Arneg is aware of the impact that its activity has on its employees, on the environment, on local communities and on the customers with which it interacts.

This awareness has led to its determination to define its social and environmental responsibility ensuring that its long-term development is sustainable and that it reflects the values and expectations of its employees, of the company, of its customers and of the stakeholders in general.

Arneg also recognizes the security of information assets as a factor instrumental to the support of its business activity, and needed in order to consolidate its competitive advantage in dealings with customers, as well as to attain its stated economic and business objectives.

Consequently, Arneg assigns to Information Security the responsibility for protecting its information assets, understood as the totality of information and the tangible and intangible tools used to process that information, and has defined a series of organizational, legal and technical measures for protection, control and verification, based on conformity to the following fundamental requirements:

• Confidentiality

• Integrity

• Availability

Arneg has identified the main social and environmental trends likely to impact on its activities in the     coming years and to which it aims to respond as a responsible business.

Consequently Arneg has set out to integrate within its Quality System a number of objectives of an environmental and energy-related nature and as well as relating to the protection of workers' health and safety to be achieved, consolidated within the Integrated Management System.

Further to the implementation of the new editions of the 9001:2015 and 14001:2015 standards, Arneg has formalised the context analysis process in order to better understand the expectations of those concerned, at the same time performing the risk assessment aimed at understanding threats and opportunities to achieve expected results in order to increase desired effects, and simultaneously hinder or reduce undesired effects with a view to continuous improvement.

Considering the market context within which Arneg operates and the distinctive characteristics of the services provided by Business Unit Service, an Information Security Management System conforming to ISO IEC 27001:2013 has also been put in place for this specific area.

Arneg promotes and supports the approach based on the risk analysis as an essential element for maintenance of its integrated management system implementing all necessary action in order to guarantee updating of the system over time.

Arneg insists that its policy is documented, implemented, maintained and communicated to all staff that work for and on behalf of the organisation, that it is regularly revised and updated and that it is made publicly available on the website and on the corporate intranet.

The policy of Arneg S.p.A. therefore aims to achieve the following objectives:

• Customer Satisfaction;
• The motivation and development of Human Resources;
• Protection of its own and its customers' information and data through conformity to the requirements of Confidentiality, Integrity and Availability;
• Dissemination among all its employees of the culture of quality, safety, environment and energy whilepromoting responsible behaviour;
• Assurance that the policy is appropriate to the nature, size and the impact of its organisation and is applied to all the aspects in which it is involved relating to quality, safety, the environment and energy.
• Assurance in all the processes of compliance with the limits defined or prescribed by current regulations relating to the environment, to energy and the protection of health and safety together with those applicable and defined by its own organisation, while at the same time ensuring the continuous improvement of significant environmental and energy related aspects and measures for the prevention and protection from risks in the workplace;
• The promotion of mutually beneficial relations between the Organisation and its Suppliers.

To this end, the General Direction of ARNEG S.p.A. promotes, develops and supports:

• The direct involvement of the customer in developing its products with particular attention to the consequences of their environmental/energy impact and on the safety of the end user.
• The implementation of a structured Information Security Management process designed to safeguard intellectual property and to protect the business against attacks intended to be detrimental to production capacity, product quality or customer satisfaction.
• The direct involvement and the informing of suppliers, both of goods and services, on all the activities that impact on the integrated management system by promoting and encouraging the purchase of safe, high energy efficiency and low environmental impact equipment, and by promoting respect for the requirements of Confidentiality, Integrity and Availability of shared information assets.
• The organisation of the company procedures to improve efficiency and effectiveness according to the ever evolving needs of the Customer.
• The organisation and monitoring of business processes that have a direct influence on the environment, on energy and on safety in order to reduce their impact and to minimise risk.
• The monitoring of company procedures, the definition of control instruments and analysis of the results.
• The initiatives aimed at reducing the environmental and energy impact such as for example emissions into the atmosphere, the consumption of water and energy resources, noise, vibrations, the safe management of chemical products and careful differentiated management of waste enabling its recycling, by means     of the continuous provision of information to relevant staff concerned and specific investments within the infrastructures, defining objectives and specific indicators to be monitored with defined frequency and providing the resources necessary to achieve them.
• The management of its activities with the aim of preventing injury, accidents, occupational diseases and damage to the environment.
• Various activities and projects of an organisational and technological nature designed to ensure information security in accordance with the requirements of Confidentiality, Integrity and Availability.
• The definition of rules of conduct, with the relevant sanction-oriented framework, relating to aspects of safeguarding health and safety in the workplace and of the environment (disciplinary rules for Safety and the Environment) and of information security that all individuals involved in the business context must comply with.
• The management and monitoring of all the company's activities, including research, design and production with particular focus on the observance of statutory and regulatory requirements applicable to the product, on health and safety in the workplace and on environmental protection and energy saving.
• The attention to human resources, defining tasks and responsibilities and offering information and training aimed at achieving the objectives set within the context of a stimulating work environment that ensures appropriate motivation and involvement.
• The synergy with suppliers to identify and achieve mutually beneficial common goals requiring that contractors that operate on behalf of the company adopt policies for the protection of the health and safety of workers that mirror those of the organisation.
• Internal communications between the various levels and departments of the organisation with regard to the aspects that relate to the SGI and promoting the involvement of and provision of information to all members of staff of the organisation; external communications to provide adequate responses to third party queries. Note: the DG has decided not to provide external communications concerning its environmental and energy performance if not expressly requested by external parties and in any case with the prior approval of RSA and RSES.
• The Integrated Management System Team, ensuring the same full and active support in order to ensure management of the improvement plans.
• A culture of ongoing improvement, both within the organisation and with its suppliers.

cod. MQ0217A 11/07/2017