GOVERNANCE

Our contribution to the UN 2030 Agenda

ETHICS AND COMPLIANCE

Ethics and compliance are a competitive differentiating factor in stakeholder relations.
Ethical conduct, respect for values and care over compliance not only reduce the risk of regulatory non-compliance and the associated reputational risk, but are a central element of the products and services offered.

In order to make our activity increasingly more transparent, we have implemented an Organisational Model compliant with Legislative Decree 231/01, and a Code of Conduct.
The Code of Conduct includes the values F2A believes in, and ensures that all company activities are carried out with honesty, integrity and fairness in compliance with applicable regulations, and are structured in:

Periodic supply of training on Legislative Decree 231/01 231/01

Appointment of a Supervisory Board with a collegial structure

Establishing a regular reporting system to the Supervisory Board

Implementation of a whistleblowing procedure for handling ethical reports

DATA PRIVACY

Ensuring service compliance by incorporating continuous regulatory updates on privacy and data protection is a priority for F2A. Managing the data of companies, employees, workers and business partners on a daily basis, ensuring privacy and the security of data processed is a fundamental requirement to satisfy customer trust and stay on the market.

The confidentiality of the information and data held by F2A and compliance with privacy regulations have been guaranteed by adopting a number of technical and organizational controls. Furthermore, we have set up a Compliance department which, among other things, is responsible for guaranteeing company compliance with the GDPR and any further privacy regulations.

Periodic GDPR training in order to promote a widespread corporate culture on the proper handling of privacy-sensitive data

Appointment of a DPO for Group companies

Implementation of formal procedures containing functional controls for proper data processing

Creation of a privacy team dedicated to managing regulatory compliance

CYBERSECURITY

In F2A, it is essential to ensure that its services are protected against security risks and threats. More specifically, security, data privacy, fraud prevention and crisis management are key aspects that ensure service quality and business continuity.

All measures taken by F2A are described in a Cybersecurity Policy drawn up in its latest version in 2021 and concern: data centres, applications, workstations, and end-user training. In particular, of the many cybersecurity measures undertaken by F2A, please note:

Data centres

All F2A production infrastructures are located with external outsourcers certified by the standards ISO 27001, ISO 20000, ISO 45001

Applications

All applications are designed using the Owasp framework, and are tested by certified external suppliers (vulnerability and penetration tests)

Workstations

All operating systems are constantly updated with the latest security patches through centralised management consoles

Investments

F2A reserves 10 per cent of its IT investments for cybersecurity introducing, among other systems, Darktrace, a leading tool in Autonomous Cyber Defence