Information Security Policy
PURPOSE
With this document, Pluribus One defines and establishes its Integrated Management System (IMS) Policy for Information Security and Quality, adopted in compliance with the requirements of the ISO/IEC 27001:2022 and ISO 9001:2015 standards. Pluribus One operates within the cybersecurity market, where information security and process reliability are distinctive and fundamental pillars for the design, development, and delivery of its solutions. In this context, the organization recognizes that the quality of processes and services, alongside the protection of information, are inseparable factors in safeguarding the interests of clients, partners, suppliers, and all relevant stakeholders.
The Integrated Management System Policy is founded on the principles of operational effectiveness and efficiency, transparency in operating procedures, and systematic risk management, applied to both information security and quality. By adopting the IMS, Pluribus One commits to protecting its information assets and those of its clients from internal and external threats—ensuring their confidentiality, integrity, and availability—while simultaneously guaranteeing that its services fulfill all contractual and regulatory requirements, as well as client expectations.
This Policy provides the framework for setting quality and information security objectives and guides the organization's strategic and operational decision-making.
It promotes an approach rooted in risk-based thinking and continuous improvement, through which Pluribus One plans, implements, monitors, and enhances its Integrated Management System over time. The objective is to increase customer satisfaction, prevent adverse events, and strengthen the overall reliability of processes and services.
Pluribus One's Top Management ensures that this Policy is consistent with the organization's context and the needs of stakeholders, and that it serves as a shared reference for all corporate activities impacting quality and information security.
SCOPE OF APPLICATION AND RECIPIENTS
This Integrated Management System Policy applies to all Pluribus One activities, processes, and resources that impact the quality of services provided and the security of processed information. The scope of the Policy includes both operational activities and the support and governance functions necessary to ensure the effective operation of the organization and the achievement of the Integrated Management System objectives.
The Policy applies to all information managed by Pluribus One, regardless of its nature, format, or the medium on which it is stored or transmitted, as well as to the systems, infrastructures, and tools used for its processing. Furthermore, the scope of the Policy includes the design, development, and service delivery processes, as well as the management and control activities that contribute to the quality of results and the protection of information assets.
This Policy is addressed to all individuals who, in any capacity, operate on behalf of Pluribus One or come into contact with corporate information and processes. In particular, it applies to shareholders, employees, collaborators, suppliers, contractors, partners, and all external parties who process Pluribus One's information or information managed by the organization on behalf of its clients.
Top Management ensures that the Integrated Management System Policy (IMS Policy) is appropriately communicated and made available to all relevant recipients to ensure its awareness, understanding, and application. Compliance with the principles and guidelines defined in this Policy is considered binding for all interested parties involved in the organization's activities.
OBJECTIVES
Through the adoption of its IMS Policy, Pluribus One pursues the goal of ensuring a high level of reliability for its processes and services, while simultaneously ensuring the protection of corporate information assets and client information. The Integrated Management System Policy defines the guidelines through which the organization directs its strategic and operational choices regarding quality and information security.
In particular, Pluribus One is committed to protecting information acquired, processed, or generated within the scope of its activities, safeguarding its confidentiality, integrity, and availability, and ensuring that access to information occurs exclusively in an authorized manner consistent with assigned responsibilities. This objective is pursued through the adoption of a structured approach to risk management, aimed at preventing undesired events, reducing potential consequences, and ensuring the organization's operational continuity.
At the same time, Pluribus One is committed to guaranteeing the quality of its processes and services, ensuring compliance with applicable contractual, statutory, and regulatory requirements, with a specific focus on customer satisfaction. The organization recognizes that the quality of provided services is strictly linked to the effectiveness of internal processes and the ability to monitor performance, promptly identifying any deviations and opportunities for improvement.
The IMS Policy also promotes the clear definition of roles, responsibilities, and authorities, involving internal personnel and, where relevant, external parties who contribute to the conduct of business activities. Pluribus One recognizes the importance of the competence and awareness of individuals and is committed to supporting them through appropriate information, training, and awareness-raising activities on quality and information security topics.
A further objective of the Policy is to maintain compliance with the applicable legal, contractual, and regulatory framework, with particular reference to the protection of information and personal data. The organization ensures constant monitoring of regulatory and technical developments, assessing their impact on its processes, services, and the Integrated Management System.
Finally, Pluribus One is committed to pursuing the continuous improvement of the Integrated Management System by adopting a systematic approach based on planning, implementation, verification, and corrective and improvement actions. This commitment is aimed at strengthening the effectiveness of the IMS over time, the quality of services offered, and the level of information security, in line with the organization's strategic objectives and the expectations of interested parties.
THE INTEGRATED MANAGEMENT SYSTEM (IMS)
Pluribus One's Integrated Management System (IMS) constitutes the structured set of policies, procedures, processes, and resources through which the organization governs, in a coordinated manner, the quality of its processes and services and the security of its information. The IMS is adopted and maintained in compliance with the requirements of the ISO/IEC 27001:2022 and ISO 9001:2015 standards and is designed to support the achievement of the organization's strategic objectives.
The scope of IMS includes all operational and support activities that contribute to the creation and delivery of Pluribus One's services, as well as the governance and control processes necessary to ensure their effectiveness. The IMS is applied across the entire organization and is based on a process-oriented approach and risk-based thinking, which allows for the systematic identification and management of factors that may influence service quality and information security.
Pluribus One's Top Management is directly responsible for the establishment, implementation, and maintenance of the Integrated Management System and ensures that the principles and objectives of this IMS Policy are translated into concrete and consistent actions within corporate processes. Management actively supports the IMS by providing the necessary resources and promoting the involvement of personnel and relevant stakeholders.
The Integrated Management System is documented through a consistent set of documented information, which includes the IMS Manual, policies, procedures, and operating instructions necessary to ensure process control and compliance with applicable requirements. IMS documentation is managed to ensure it is kept up to date, available, and protected, in line with the principles of quality and information security.
Pluribus One periodically monitors the performance of the Integrated Management System and evaluates its effectiveness through monitoring activities, internal audits, and Management Reviews. The results of these activities form the basis for adopting corrective and continuous improvement actions, aimed at strengthening process reliability, the quality of services provided, and the level of information protection over time.
REVIEW AND UPDATE
This document is periodically subject to reviews and updates to incorporate corrections and additions, or to ensure its adequacy and efficiency in the event of significant changes regarding information security.
