Information Security Manual


The Information Security policy of the Group's Italian companies is the set of values and principles defined by the Management which constitute the fundamental basis of reference for identifying the objectives and for guiding the Company towards positive and satisfactory results for all those interested in the performance and success of the Group's Italian companies: customers, property, investors, employees, suppliers, and end users. All this with particular attention and awareness of the role played by information, and therefore of the value of information assets in relation to corporate strategy.

Given the nature of its activities, the organization considers the security of information an essential factor for the protection of its information assets and that of the interested parties as well as a factor of strategic value that can be transformed into a competitive advantage.

The organization is aware of the fact that business processes presuppose the processing of critical data and information by staff, and / or the entrustment of this information to external parties (customers, suppliers, collaborators). Furthermore, the lack of adequate levels of security can lead to harm to the organization's activity, lack of customer satisfaction, the risk of incurring penalties related to the violation of current regulations, as well as damage of an economic, financial and corporate image nature as well as to the function of the processes.

For these reasons we intend to take the measures, both technical and organizational, necessary to best guarantee the integrity, confidentiality and availability of the information assets of the Group's Italian companies.

In this respect, the Italian companies of the Group have decided to put in place an Information Security Management System defined according to the rules and criteria established by the "best practices" and by the international reference standards in compliance also with the indications of the UNI CEI EN standard. ISO / IEC 27001 ".

The "Brembo Information Security Policy" document which declares the guidelines relating to the individual and specific issues relating to information security, is re-evaluated during the Management Review in order to adapt it to any regulatory, technological, organizational, social changes or economic conditions.

The​ “Brembo Information Security Policy”​is widespread, understood and implemented by the entire Organization through publication on the corporate Intranet and through a constant awareness-raising action carried out by the Information Security Committee.