SENECA S.r.l. places the utmost importance on information security, data protection, and the continuity of digital services, and adopts appropriate technical and organizational measures in compliance with applicable European and national regulations, including:

• Regulation (EU) 2016/679 (GDPR)
• Directive (EU) 2022/2555 – NIS2
• ISO/IEC 27001 standards and applicable cybersecurity frameworks
• Cyber Resilience Act (CRA), where applicable to the products and services provided

Reporting security incidents and vulnerabilities

Any individual (customers, partners, suppliers, or third parties) who becomes aware of potential security breaches, cyber incidents, data breaches, vulnerabilities, or anomalous behavior that may compromise the information systems, digital services, or data of SENECA S.r.l. is encouraged to report them promptly.

Dedicated cybersecurity reporting address: security@seneca.it

Reports will be handled by the Company’s IT Security Team / CSIRT, in accordance with internal incident management procedures and in coordination with the NIS2 Point of Contact towards the competent Authority (ACN), as required by applicable regulations.

Handling of reports

Reports received will be:

• analyzed confidentially and professionally;
• handled according to the principles of necessity, proportionality, and confidentiality;
• assessed for any mandatory notification obligations towards competent authorities and affected parties within the statutory time limits (e.g. 24 hours under NIS2, where applicable).

SENECA S.r.l. does not request or accept unauthorized access to its systems; any security testing or related activities must be explicitly authorized in advance.

Organization and responsibilities

The management of IT security and cyber incidents is entrusted to a formalized organizational structure, which includes:

• Point of Contact towards the Board of Directors and competent Authorities (NIS2/ACN)
• CSIRT Manager / technical interface
• IT Manager
• Multidisciplinary Incident Response Team (IT, software, quality, legal, commercial, communication)

This structure ensures a coordinated approach in compliance with regulatory requirements and industry standards.