Integrated quality and information security management policy
The Management, with the issuance of the following declaration, establishes the Company Policy highlighting the objectives and the commitments undertaken accordingly. This policy, which has been defined consistently with the purposes and context in which Max Application operates and related market needs, is communicated to all collaborators through its posting in the offices and is available to all interested parties through publication on the websites.
At least once a year, during the Management Board Review, the Management Board, together with the Area Managers, reviews the contents of this policy and issues objectives.
To achieve its corporate objectives, Max Application implements a policy geared towards providing services that:
- Satisfy clearly defined market requirements and meet client expectations,
- Are organised in such a way as to achieve a constant increase in client satisfaction.
In addition, Max Application intends to preserve information assets, ensuring adequate levels of security in the handling of strategic information used in business processes and the services provided to clients.
Max Application, through the commitment and active involvement of all company components, undertakes to:
- base its policy on the analysis of the external and internal context, the needs of stakeholders and the identification of risks and opportunities at strategic and operational levels;
- define the necessary modalities to ensure that this policy is understood and applied at all levels of the company;
- ensure the continuous improvement of the quality of the service provided to meet the needs of the market continuously;
- ensure that the predetermined quality is achieved and maintained over time at an optimal cost;
- assure the client that the pre-established quality is achieved by providing evidence of it in the contractually agreed terms and manner;
- periodically measure and verify the quality results and effectiveness of the company’s Integrated Quality-Safety Management System;
- preserve information assets, ensuring adequate levels of security in the handling of strategic information in business processes.
Quantified and measurable quality and information security objectives are established to monitor the performance of processes and services provided, as well as the Management System.
To achieve the information security objective, the aim is to know, through appropriate tools and procedures, the value of the information and the means used to process and disseminate it, the threats to which it is exposed and its vulnerability, and to bring the risks down to an acceptable threshold through the design, implementation and formalisation of an ‘Information Security Management System’ that meets the legal requirements and complies with the ISO 27001 regulation.
To pursue this mission, we aim to implement an integrated quality-information security management system that meets the critical success factors of the target market and the ISO 9001 and ISO/IEC 27001 regulations.
Specifically, with regard to the different areas assessed (Information Security/Quality), the IMS has the following objectives.
Quality:
- the development, installation, support and maintenance of its own software products that are as reliable, user-friendly and documented as possible;
- the marketing of these products and the development of software products at the client’s specific request;
- achieve appropriate levels of efficiency to improve the profitability of the company;
- reduce the client’s waiting time for assistance, maximising the effectiveness of responses and the productivity of people.
Security of information and data:
- concerning services provided in a SaaS environment, guaranteeing the maintenance of business process continuity;
- managing the confidentiality of information;
- protection against unauthorised access;
- protecting the integrity of information;
- the application of security and privacy by design principles in information processing to prevent breaches;
- the continuous improvement achieved through the evaluation of possible weaknesses in the company’s information system;
- improve internal awareness of information security risks;
- the involvement of outsourcers and suppliers in order to raise and align security standards to those adopted by Max Application;
- coordination with IT security control authorities in compliance with the relevant regulations.