3D2B was created with the task of supporting companies strengthen their marketing and sales activities to increase revenue.
The key principles on which 3D2B was founded are efficiency, innovation, professionalism, and experience.
3D2B's mission concerns the design, development and delivery of marketing and consulting services for customer acquisition, and provides services related to inside sales, lead generation, lead qualification and data enrichment.
Due to the fact that information assets represent the core of the services provided, the General Manager has identified the Information Security Management System as a tool for achieving 3D2B’s objectives ensuring its commitment to meet the related requirements and continuous improvement is always guaranteed.
3D2B considers in fact the continuous improvement of its processes, as well as of the Management System, one of the strategic tools through which to achieve its objectives that can be summarized as follows:
- To best protect its information assets and those of its customers.
- Constantly develop and innovate marketing and consulting services by intercepting the needs of the client and ensuring information security and data quality.
- Provide products/services and solutions that support customers in full compliance with local and international rules and laws and help seize opportunities for the development of the sector.
- Keep the security of the 3D2B information system consistently high by preserving its information and ensuring its availability, confidentiality, and integrity
- Maintain and increase the degree of trust that Customers, Users, Suppliers, and the community generally place in 3D2B and in its ability to manage processes and the entire information assets safely.
- Enhancing human resources and their professional growth at all levels.
- Spread the culture of safety through appropriate training and providing information to all staff and to increase their awareness.
- To promote a working environment that is inspired by respect, correctness, and collaboration, allows the involvement and responsibility of the staff.
- Act in full compliance with the rules and laws in force at national and international level and applicable to the organization's sector of activity.
- Develop a corporate culture of information security as a shared value to inspire daily activity.
- Prepare and maintain for these purposes a System of Information Security Management Policies with the aim of ensuring the confidentiality of data when confidential access is required, preventing the alteration or loss of information assets, ensuring the availability of information and services, including through appropriate business continuity plans, ensuring the certainty of the origin of information (not a repudiation), and managing appropriate procedures for the detection and management of events and accidents.
The Management System, compliant with ISO/IEC 27001:2013, is the management tool adopted to pursue this policy, the main pillars of which can be summarized as follows:
- management of risks that threaten the security of information with the implementation of the appropriate technical, technological, and organizational countermeasures.
- compliance with national legislation on information security and the protection of personal data
- compliance with contractual clauses with customers and suppliers that establish quality and safety constraints.
- compliance with ISO/IEC 27001:2013
The System is applied both to project consulting and management activities, to the services and data of the technologies used, and to their management and configuration.
Information must be managed securely, accurately, and reliably, protected according to the classification assigned, and must be readily available for permitted uses.
The Management System, therefore, in accordance with ISO/IEC 27001:2013, provides evaluation for periodic risk assessments to take into account the strategic objectives expressed in this policy, any incidents and business and technological changes; the risk analysis is intended to assess the risk associated with the assets to be protected against the identified threats, so that the 3D2B Management can assess the results obtained by accepting the acceptable risk threshold, prepare the risk mitigation treatment beyond that threshold and manage the residual risk following treatment.
All external entities that have relations with 3D2B are required to comply with the security requirements contained in this Policy also through the signing of appropriate confidentiality agreements to be signed upon the engagement, provided that this type of constraint is not expressly indicated in the contract.
The Integrated Policy is reviewed and, if necessary, updated during the Management Review.