Yarix, Var Group’s Digital Security Division, operates as a point of reference for both public and private organisations at a national level, developing IT security solutions.
Since its foundation, Yarix has based its policies and methods of operation on the core principles of aiming for continuous improvement and pursuing excellence, efficacy and efficiency, guaranteeing the transparency of its operational processes, working to make its operatives accountable with a view to simplifying procedures and improving ease of access by users of the services and ensuring security of the information managed.
To this end, the management decided to implement a Quality Management System to ISO 9001 and an Information Security Management System to ISO 27001, as the priority and strategic bases for pursuing the general goals identified in an ongoing fashion.
Yarix’s goals are:
• Maintain leadership in the Information Security sector at a national level.
• Increase customer satisfaction and loyalty for existing clients by providing customised solutions.
• Prioritise an analytical approach above a technological one, in order to identify the most effective solution in terms of client costs and savings, by defining IT policies oriented toward more appropriate organisational models.
• Improve financial margins through more efficient organisation.
• Respond in an optimal manner to client requirements in keeping with the regulatory and legislative framework, while always guaranteeing absolute confidentiality.
• Maintain a high professional level for employees, contractors and freelancers, as this is preparatory to the attainment of other goals: as technologies become uniform, it is the human factor which makes the difference.
• Guarantee the security of our clients’ information and data which, as corporate assets, have value for the organisation, in order to ensure business continuity, minimise damage and maximise return on investment and commercial opportunities.
• Adopt technical and organisational measures to ensure that the confidentiality, integrity and availability of the information managed is safeguarded.
• Protect the security of the systems by reducing the probability that the IT security parameters are violated to an acceptable value, by identifying in a timely manner when and in which part of the system this occurs, limiting the damage and restoring the violated aspects in the shortest possible time.
• Protect corporate IT resources through the selection and application of appropriate precautionary measures, which must not be perceived as restraints and limitations on the organisation’s mission, but rather as elements which contribute to the attainment of the corporate goals.
• Help spread IT culture in order to create and promote the assets of knowledge and expertise which make a substantial contribution to the creation of IT awareness and identity in the local area, through different methodologies of services and equipment.
Yarix follows and applies the following principles in IT security:
• The security measures must comply with company business requirements, as well as applicable legislation and contractual obligations.
• Security is a process which concerns everyone; individual awareness combined with responsible use of resources plays a key role in meeting the set security goals.
• The security measures identified must find a balance between costs and risks.
• The security measures must be simple to understand, in order to facilitate their application.
• Security must be planned and incorporated from the initial phases in the development activities.
• Personal data is processed in accordance with the principles laid down in article 5 of the General Data Protection Regulation (EU/2016/679).
• Authorisations for access to information must be based on the “need-to-know” principle with regard to the company’s business.
• Security must be continuously monitored.
In addition to the foregoing, in 2016 Yarix decided to supplement the previously implemented management systems with a Workplace Health and Safety Management System which aims to guarantee the protection of the company’s workers during their activities and ensure constant compliance with applicable workplace health and safety legislation, choosing the guidelines issued by INAIL (national insurance institute for accidents at work) as a reference (Linee Guida UNI INAIL ed. 2001).
The implemented system is not certified by a third-party body, but nevertheless allows the company, through simple, commonplace workplace health and safety principles, to maintain control of the company processes which could have a negative impact on worker health and safety or on the organisation itself, exposing it to legal action by supervisory bodies.
Yarix places the importance of individual workers at the centre of its organisation, and aims to guarantee the highest levels of protection for the health and safety not only of its own human resources, but also all users who may be involved in the activities promoted and/or requested by the organisation.
The overall goal of the company is to incorporate the management of the company’s production processes and the management of workplace health and safety, and make them inseparable; to this end, it has chosen to integrate the previously implemented management systems with the safety management system.
In order to achieve the workplace health and safety goals, the management therefore commits to:
• Identifying all hazards to worker health and safety related to the activities performed and, as a consequence, evaluating, managing and monitoring the work risks, with the goal of reducing the number of accidents, avoiding the onset of occupational diseases and, in general, pursuing continuous improvement in working conditions and employee wellbeing.
• Guaranteeing the safety of the work environments.
• Identifying workplace health and safety regulations applicable to the company’s activities in a timely manner and ensuring they are complied with in the long term; this includes both standards and legislation which are mandatory and those voluntarily adopted by the company, making use of expert external consultants and specialists where necessary.
• Clearly defining the roles, duties and responsibilities of each corporate figure as regards safety management.
• Providing its workers, as well as all other stakeholders, with the knowledge and expertise required to bring to completion not only its own production tasks but also those relating to workplace health and safety, raising awareness of the principle that they all play an active and important role in identifying safety-critical situations, both for themselves and their colleagues.
• Involving and consulting the workers in order to identify the areas for improvement in terms of workplace health and safety.
• Protecting the health and safety of the workers through regular health check-ups and employee training, both upon hiring and with continuous training.
• Protecting particularly sensitive workers, such as minors, pregnant workers, working mothers and workers with disabilities.
• Ensuring sufficient numbers of human resources to manage the work processes and workloads, in order to ensure that the workers’ physical and mental wellbeing is not compromised.
• Prioritising preventive actions and internal audits in order to minimise the possibility of incidents, accidents and hazardous situations occurring.
• Pursuing continuous improvement in the area of workplace health and safety, by continuously setting new goals and ensuring that the implemented management system is maintained over time.
The management of Yarix, which shares in the principles and goals of quality and information security, approves and issues this integrated Quality and Security Policy document and fully supports a programme for its implementation and maintenance, drawing the attention of employees to these aspects.