{"id":20635,"date":"2025-10-28T12:51:42","date_gmt":"2025-10-28T11:51:42","guid":{"rendered":"https:\/\/www.thron.com\/?page_id=20635"},"modified":"2025-10-29T09:05:36","modified_gmt":"2025-10-29T08:05:36","slug":"information-security-policy","status":"publish","type":"page","link":"https:\/\/www.thron.com\/en\/information-security-policy\/","title":{"rendered":"ISO 27001: Information Security Policy"},"content":{"rendered":"\n
<\/div>\n\n\n\n

Protection of the company\u2019s information assets is a primary objective for safeguarding THRON\u2019s business and ensuring business continuity; it is also a contractual obligation toward stakeholders.<\/p>\n\n\n\n

To this end, the Information Security Management System (ISMS) is established, designed by THRON\u2019s Information Security Manager (ISM) and based on:<\/p>\n\n\n\n

    \n
  1. policies and guidelines;<\/li>\n\n\n\n
  2. organizational, physical, technological, and behavioral security measures;<\/li>\n\n\n\n
  3. methodologies and methods to verify effectiveness and adequacy to business needs and legal requirements.<\/li>\n<\/ol>\n\n\n\n

    The Information Security Management System pursues the following objectives:<\/p>\n\n\n\n

      \n
    1. safeguard the legitimate interests of shareholders, employees, and all other stakeholders;<\/li>\n\n\n\n
    2. ensure the protection of corporate information and the continuity of business activities, by making sure the intended protection level is implemented according to the criticality, risk, and value of the information to be protected;<\/li>\n\n\n\n
    3. define a simple, consistent, and promptly updated reference model for the protection of corporate information, aligned with business strategies;<\/li>\n\n\n\n
    4. retain documentary evidence of the systems designed and implemented, as well as of activities performed, for legal, tax, and operational purposes;<\/li>\n\n\n\n
    5. comply with the requirements imposed by national and European directives on network and information security.<\/li>\n<\/ol>\n\n\n\n
      <\/div>\n\n\n\n

      General Principles<\/h2>\n\n\n\n

      The Information Security Management System is founded on the following principles:<\/p>\n\n\n\n

        \n
      • information is a corporate asset <\/strong>that must be adequately protected in all stages of processing (from design to destruction);<\/li>\n\n\n\n
      • cybersecurity<\/strong> must be an integral part of every business process;<\/li>\n\n\n\n
      • risk<\/strong> cannot be eliminated entirely, but the objective is to contain it within an acceptable level (to guarantee continuity of the services provided);<\/li>\n\n\n\n
      • the accountability<\/strong> – one\u2019s own and toward others – of owners, suppliers, or users of information systems must be explicit;<\/li>\n\n\n\n
      • external systems <\/strong>are, by definition, not secure;<\/li>\n\n\n\n
      • protections<\/strong> should, where possible, be built in \u201clayers\u201d and consist of a balanced mix of technological and organizational measures;<\/li>\n\n\n\n
      • \u201cmission-critical\u201d systems <\/strong>must be segregated from systems with public access;<\/li>\n\n\n\n
      • all data access must be authorized<\/strong> according to the principles of \u201cneed-to-know\u201d and \u201cleast privilege.\u201d<\/li>\n<\/ul>\n\n\n\n
        <\/div>\n\n\n\n

        ISMS Model<\/h2>\n\n\n\n

        The Information Security Management System is structured across several interrelated layers of countermeasures to protect the confidentiality, integrity, and availability of information:<\/p>\n\n\n\n

          \n
        1. organizational layer<\/strong>: identifies the allocation of responsibilities and roles in managing information protection;<\/li>\n\n\n\n
        2. technological layer<\/strong>, which comprises:\n
            \n
          1. infrastructure layer<\/strong>: specifies how ICT systems (processing, transmission, and storage) must be designed and implemented to ensure an adequate level of security;<\/li>\n\n\n\n
          2. network layer<\/strong>: identifies defense mechanisms to manage access to the corporate network (both from inside and from remote workstations);<\/li>\n\n\n\n
          3. application layer<\/strong>: identifies defense mechanisms to manage access to applications and to the data processed by them;<\/li>\n<\/ol>\n<\/li>\n\n\n\n
          4. behavioral layer<\/strong>: identifies the rules to be followed by all personnel and any third parties interacting with THRON;<\/li>\n\n\n\n
          5. physical layer<\/strong>: identifies the physical protections to be implemented to safeguard devices, ICT equipment, and access to them;<\/li>\n\n\n\n
          6. legal layer<\/strong>: identifies the laws and regulations to be observed;<\/li>\n\n\n\n
          7. control layer<\/strong>: identifies the organizational and technological mechanisms that allow ongoing oversight of the overall level of information protection.<\/li>\n<\/ol>\n\n\n\n

            The principles set out above are detailed in the descriptive document of the Information Protection System (the \u201cInformation Security Protection Policy\u201d) and form the basis of specific Guidelines issued by the ISM, published on the internal company portal, and delivered through periodic training to all concerned.<\/p>\n\n\n\n

            <\/div>\n\n\n\n

            Scope of Application<\/h2>\n\n\n\n

            The Information Security Protection Policy applies to all THRON stakeholders and involves – and binds – all persons who need to access THRON\u2019s information system (including employees, partners, suppliers, and customers).<\/p>\n\n\n\n

            The architectural design of the information systems – both infrastructure and applications – must comply with and be consistent with the principles of THRON\u2019s Information Security Protection Policy from the design phase onward.<\/p>\n\n\n\n

            The same principles also apply to the use of corporate assets and resources.<\/p>\n\n\n\n

            <\/div>\n\n\n\n

            THRON<\/strong>
            Chief Executive Officer (CEO)<\/strong><\/p>\n\n\n\n

            <\/div>\n\n\n\n

            Revision dated\u00a030\/09\/2023<\/strong><\/p>\n\n\n\n

            <\/div>\n","protected":false},"excerpt":{"rendered":"

            Protection of the company\u2019s information assets is a primary objective for safeguarding THRON\u2019s business and ensuring business continuity; it is…<\/p>\n","protected":false},"author":11,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"class_list":["post-20635","page","type-page","status-publish","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.thron.com\/en\/wp-json\/wp\/v2\/pages\/20635","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thron.com\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.thron.com\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.thron.com\/en\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thron.com\/en\/wp-json\/wp\/v2\/comments?post=20635"}],"version-history":[{"count":7,"href":"https:\/\/www.thron.com\/en\/wp-json\/wp\/v2\/pages\/20635\/revisions"}],"predecessor-version":[{"id":20701,"href":"https:\/\/www.thron.com\/en\/wp-json\/wp\/v2\/pages\/20635\/revisions\/20701"}],"wp:attachment":[{"href":"https:\/\/www.thron.com\/en\/wp-json\/wp\/v2\/media?parent=20635"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}