Perimeter and objectives

The policy provides a guide to all SCM Group personnel and any third parties concerning their responsibilities towards the control and use of IT resources and responsibility for their properties. Furthermore, this policy provides information on how to manage identities, the security of IT and network systems, controls of IT structures and maintaining the level of security in the evolving process of the systems themselves.

This policy has three purposes:

  • Privacy - Protecting against unauthorised access, theft or distribution of SCM Group’s information, either accidentally or intentionally.
  • Integrity - Safeguarding against unauthorised change, destruction or creation of information or electronic communications.
  • Availability - Protection to guarantee a service to authorised users.



Key points

Outlines the procedures for the delivery and return of IT assets and the responsibilities concerning the security of SCM Group’s devices and protocols for reporting theft or loss.

  • Asset Management
  • Physical and Environmental Security
  • Systems Updates
  • Access Control 
  • Reply to Incidents



Security by Design

SCM Group’s systems, standards and platforms need to be implemented by taking security into consideration right from the design stage. Business Analysts and Business Process Owners have the joint responsibility of ensuring that security guidelines are an integral part of the systems’ design, testing, installation and distribution process. Security problems and impact need to be dealt with and documented.



Contribution from employees and stakeholders

Managers and Directors are in charge of:

  • Communicating and guaranteeing respect for this policy and sustaining the guidelines
  • Providing information and making decisions concerning the concession and removal of access to SCM Group’s information and systems. 

All of SCM Group’s stakeholders (or rather employees, service providers, suppliers, contractors, consultants, channel and joint ventures sales partners, subsidiaries and associates) who generate, possess and control information or use IT equipment covered by this policy are in charge of protecting it in compliance with this policy and the supporting guidelines.



Updates and training

SCM Group periodically holds training courses on IT security for all its employees (as well as when new employees are hired) so they can better understand how to use IT tools, the security measures adopted and to be adopted, and the security measures and procedures to be implemented.




For further information on privacy issues, contact:



Complete policy