In order to consolidate its leader position in the reference sector, TUVIA ITALIA S.p.A. commits to activate a management system for contributing towards the safeguarding of its partners. In effectively improving the Security Management System, the distribution chain will become more protected from possible menaces to persons and property deriving from critical aspects which might arise on products managed by TUVIA ITALIA.
Equally, TUVIA ITALIA intends to promote a culture of Security with regard to its partners, in order to put in place a concrete form of prevention of risks, even more effective if they are shared.
In July 2018 TUVIA ITALIA obtained the ISO 28000:2007 certification “Specification for Security Management System for the Supply Chain” which confirms to all stakeholders the actualization of its Security Policy.
The Security objectives for the current year are:
- to reinforce the protection of our partners’ products (physically and at the electronic level) during all phases managed by TUVIA ITALIA (inbound, warehousing and outbound);
- to implement training programmes on Security with the information issued by security management, to reduce the risks which weigh on the product;
- to collaborate at all organizational levels of TUVIA ITALIA, with clients and with the suppliers for the identification of risks – existing and/or potential – which weigh upon the data, in order to reduce the consequences, etc.);
- to monitor full conformity with current applicable legislation and to the contractual requirements with clients and suppliers in general;
- to activate actions for continuous improvement of the Security Management System.
TUVIA ITALIA S.p.A. periodically carries out Security Risk Assessment in order to identify the risks pertaining to security, and the threats and vulnerabilities of its own organisation related to the supply chain. The results of the SRA and the evaluation on the physical, the electronic (IT) and the organizational (Quality Management System) security measures, have been input elements for identifying the levels of risk (complexity and level of significance) regarding the activities carried out up to the date of activation of the SRA.
To manage the evolution of new risk scenarios deriving from changes to the organization, infrastructure, the geopolitical context or the management of new clients/suppliers, the procedure is as indicated in the Security Risk Assessment.
The SRA output generates the following elements:
- Indications on the level of risk and the acceptability of that risk;
- description or reference to monitoring actions on the level of risk;
- objectives and targets for the elimination/reduction of the risk;
- identification of the roles and responsibilities for activating and monitoring measures for mitigating the risk;
- integration of operational controls on security.
Recordings related to the decisions to be activated for the mitigation of risks are subject to Senior Management review procedures.