Security system

Safeguarding Value, Protecting the Future
The protection of our resources—from human capital to tangible and intangible assets—is of vital importance not only for the company, but also for our shareholders and, more broadly, for the Italian System. On the basis of this conviction, we are committed to the development and implementation of protocols and best practices for the identification, management, and mitigation of security risks, both at the parent company and within subsidiaries, in the belief that effective prevention and protection strategies constitute an ethical as well as economic value in management and business activities.
THE 6 PRINCIPLES OF SECURITY POLICY
BUSINESS CONTINUITY
PROTECTION OF EMPLOYEES AND TANGIBLE AND INTANGIBLE ASSETS
RISK ANALYSIS AND MANAGEMENT
SECURITY AWARENESS AND KNOWLEDGE AT ALL LEVELS
INVOLVEMENT OF MANAGEMENT AND STAKEHOLDERS
DEFINITION OF POLICIES AND PROCESSES
We ensure a constant security risk management process aimed at providing the highest level of protection for employees and the tangible and intangible assets at our disposal, supporting the achievement of our social and business development objectives.
Corporate Security Policy
SECURITY CULTURE: A SHARED COMMITMENT
To achieve widespread security levels, we constantly seek the informed and responsible commitment of all our employees, whose active involvement enables the spread of a security culture throughout all our workplaces.
SECURITY POLICY PILLARS
Protection of people

People are the key success factor in defining and achieving the Group’s objectives. We are committed to safeguarding their safety and well-being, both in Italy and abroad, supporting management in fulfilling the duty of protection (Duty of Care) required by Italian, EU, and, where applicable, destination country regulations.

As part of our ongoing improvement efforts, we have decided to integrate the guidelines of the international standard “UNI ISO 31030:2021 Travel Risk Management – Guidance for Organizations” into our travel risk management model, which, following a rigorous risk management approach, enables us to identify and assess the risks present in various destinations, inform and train those concerned, and activate prevention and/or mitigation measures. To this end, since 2023 we have drawn up the Travel Risk Management Policy, signed a Memorandum of Understanding with the Ministry of Foreign Affairs to strengthen an already active public-private partnership, and initiated the necessary updates to processes and procedures in our Travel Risk Management operational model to align it with the ISO 31030 standard, certifying actual compliance in 2024.

Lastly, we prepare the company—through regular updates and drills—to handle crisis situations that may affect our personnel abroad, monitoring the emergence of possible threats (Early Warning) and coordinating the response to critical situations through Crisis Committees chaired by employers and supported by functions involved in the TRM process or deemed necessary for managing the specific event.

Travel Risk Management
Protection of information

Information is vital for business operations and the maintenance of strategic advantage. For this reason, we assign a value to each piece of information based on its importance within and outside the company, its operational or strategic nature, and the potential negative effects for the company and employees in the event of unauthorized access, loss, and/or destruction.

Furthermore, we implement necessary security measures to ensure the protection, availability, and integrity of information, assessing every action that ensures its proper use, through organizational procedures that include in particular the assignment of an internal classification, physical arrangements with access and dissemination restrictions, digital protection, and retention criteria.

For information governed by State Secret regulations, we have obtained and maintain a special authorization issued and certified by the National Security Authority, allowing us to handle information of strategic and military interest in accordance with national laws and regulations and international agreements for classified contracts with foreign countries. We operate in compliance with specific national and international laws, promoting awareness of sector regulations and the continuous training of personnel involved.

Protection of physical assets
Physical assets are essential for operational continuity and achieving corporate objectives. To protect them, we adopt a physical security risk assessment methodology based on international best practices, aimed at identifying and updating appropriate containment actions of a physical, technological and/or organizational nature, implemented in harmony and in compliance with specific industry regulations. Furthermore, the effectiveness of the security measures implemented is constantly monitored so they can be adjusted in response to any changes in the security level.
Protection of business integrity

We safeguard the principles of legality, ethics, and transparency through a meticulous verification process of the reputational requirements of our supply chain. The integrity due diligence checks carried out on third parties help protect our business from criminal infiltration.

In this regard, we remain alert and vigilant to any possible interference that may, even potentially, threaten the integrity of our business and our operations in the market. For this reason, we have strengthened and expanded public-private partnership initiatives on business legality and transparency through:

More generally, protection depends on understanding the threats our business is exposed to. For this reason, we constantly fuel our knowledge base with an ongoing threat intelligence process aimed at identifying and assessing criminal threats.

TECHNOLOGY: USE OF ADVANCED TECHNOLOGICAL SOLUTIONS
CONTINUOUS IMPROVEMENT: ALIGNMENT OF PROCESSES WITH INTERNATIONAL BEST PRACTICES AND STANDARDS
METHODOLOGY: APPLICATION OF AN ONGOING RISK MANAGEMENT PROCESS
PEOPLE: PROMOTION OF SECURITY AWARENESS INITIATIVES
Governance and Business Integrity
Commitment: Maintenance of the Corporate Governance system and risk management (including sustainability risk) in line with international best practices
Objective: Alignment of the FINCANTIERI Travel Security program with the guideline UNI ISO 31030:2021 Travel risk management - Guidance for organizations to further ensure the safety of travelling employees

Description/Target: Definition and publication of a Travel Risk Policy compliant with ISO 31030 and updating of existing corporate procedures (where necessary). Definition of a Travel Risk Management (TRM) operational model for Fincantieri S.p.A.
Timeline: 2024
Perimeter: Fincantieri S.p.A.
Status: Achieved. We drafted and published the Travel Risk Management Policy, which is available to all stakeholders on the official website. In addition, we have defined a Travel Risk Management (TRM) operating model and are the first company in Italy to have obtained ISO 31030 certification, an international certification that provides guidelines for managing risks linked to business travel.

Description/Target: Gap analysis through third-party audit of Fincantieri's TRM model referring to the perimeter of Italian subsidiaries and drafting of an alignment road map
Timeline: 2026
Perimeter: Italy
Status: Work in progress

Description/Target: Start of the gap analysis process of Fincantieri’s TRM model referring to the VARD group perimeter and drafting of an alignment road map
Timeline: 2027
Perimeter: Group (excluding American subsidiary companies)