Submarine
Exploration
Company

Quality and Environmental Policy

Suex’s primary objective is to manufacture products that fully satisfy the demands of its Customers. The company’s aim is for the Quality and Environmental protection offered by its products and services to make it synonymous with a high level of quality and compliance with environmental regulations.

Specifically, the company believes it is of fundamental importance to:

• provide products that comply with the order specifications formulated by the customer;
• value the link with its own context and always operate in keeping with the risks and opportunities
• analysis, ensuring its policies are consistent with the analysis of the context, the strategies of the
• company and the environmental impacts of its activities, products and services;
• constantly pursue compliance with the law;
• continuously strive to improve environmental performance, especially in the areas of greatest impact;
• constantly pursue environmental protection by reducing waste and limiting the consumption of non-renewable resources;
• ensure complete respect for the ecosystem, always striving to protect and preserve it.

In order to achieve this objective, the Company declares the following commitments, divided by the time required to implement them:

Long-term objectives

1) To set up, maintain and review, at established intervals, a documented Quality and Environment System, in compliance with the reference standard (UNI EN ISO 9001 – UNI EN ISO 14001);
2) To operate in compliance with contractual specifications, always pursuing full customer satisfaction;
3) To fully comply with the mandatory regulations in the sector to which it belongs, always striving to exceed the minimum regulatory requirements;
4) To work constantly towards improving the efficacy of the Quality and Environmental management system, with systematic reference to the context in which the company operates.

The long-term objectives are verified by the Management during the System Review activities; as they are of a strategic nature, they are renewable yearly.

Short-term objectives

These are contained in the management review report. In view of the variability of the contents of this document, it was not considered appropriate to include it in this chapter.

The Management is committed to ensuring that all its staff, at all levels, are engaged with and fully aware of the fundamental principles of Quality and Environment management.

Information Security Policy

Information is a fundamental element of SUEX’s business: protecting our customers’ information, using it exclusively as requested by them and in compliance with the established service level agreements (SLAs), and the unique wealth of know-how built up by the company throughout its history is therefore an absolute priority for everyone who works at SUEX.
SUEX is aware that in order to achieve this priority, it is necessary to first and foremost guarantee the availability, integrity, and confidentiality of its information assets.
In applying the ISO/IEC 27001:2022 standard, SUEX intends to protect its corporate information by establishing rules and plans to ensure the integrity, confidentiality, and availability of information, in order to protect its employees/collaborators and interested third parties.
To achieve the expected result, the participation of all SUEX resources, at every level and grade, is necessary in striving for continuous improvement in the application of the Standards and constant satisfaction of the fundamental requirements identified in:

• Extensive and frequent involvement of all employees through training and sharing of company objectives.
• Commitment of the organization to promoting and encouraging the formulation of ideas and proposals for improvement in order to achieve the principle of continuous and constant improvement in the quality and safety of the service and the security, confidentiality, integrity, and availability of the organization’s information, both in training activities and in other work situations.
• Technological and organizational innovation aimed not only at improving internal processes but also at increasing the perception of security and reliability that SUEX conveys to the market and to interested parties.
• Contribution of employees at all levels of the company to the creation and implementation of an effective Integrated Management System, which is implemented on a daily basis by participating in the control, prevention, and continuous improvement of the quality of SUEX’s service and the achievement of the objectives set by management.

Measurement of the objectives set by the organization and the results achieved.

• The objectives that the Management intends to pursue through the Information Management System (IMS) are:
• To continuously and constantly improve customer satisfaction with the quality of the service provided—in terms of availability, integrity, and confidentiality of information—by increasing the perception of reliability that customers place in SUEX.
• Progressively increase (in compliance with current privacy and confidentiality laws) the level of physical and logical security of its corporate information assets and those entrusted to SUEX by customers.
• Adopt technological innovations available on the market, within a reasonable cost/benefit balance, to achieve greater organizational and operational efficiency and, at the same time, improve the effectiveness of “data traceability and availability.”
• Improve the perception of reliability that institutions and the market have towards SUEX.
• Reduce incidents that involve legal liability and diminish credibility in the market.
• Involve and raise awareness among all staff in the application and improvement of the Integrated Management System.
• Ensure the confidentiality, integrity, and availability of information in every business process.
• Achieve adequate levels of efficiency in order to improve the profitability of the company.
• Improve cost control and maximize investments made for the implementation and management of information security.
• Continuously and constantly analyze and evaluate possible weaknesses in the company’s information system.
• Analyze, evaluate, and address—continuously and consistently—the vulnerabilities that emerge in the various processes underlying the service provided by SUEX, in order to eliminate/mitigate the present and potential risks associated with them.
• Improve staff awareness (at all levels) of information security risks.
• Ensure the operational continuity of business processes.
• Ensure compliance with applicable laws and regulations.
• Establish staff selection and training processes that attract highly skilled professionals on the market.
• Consult with experienced assessors who support the organization by identifying areas for improvement and/or areas/processes that do not comply with the requirements of the ISO/IEC 27001:2022 standard.
• Ensure the protection of information (particularly sensitive data) and company know-how.

To pursue these objectives, the SUEX Management will avail itself of the collaboration of the IT Manager, committing to making available tools and resources for the achievement of the objectives set out and to ensuring that the above declared is understood, implemented and supported at all levels of the company by requiring all SUEX employees to actively collaborate in the management and maintenance of the Integrated Management System.

Management undertakes at least annually to review the organization’s Information Quality and Security Management System to ensure its continued suitability, adequacy, and effectiveness.

Policy for the Safety and Health of Workers

The Company Management aims to make organizational, instrumental and economic resources available, with the aim of ensuring the health and safety of workers in the workplace and stimulating situations and behaviors that continuously improve the standards already achieved.

In order for these objectives to be achieved, it has activated a Workplace Safety and Health Management System (SGSL), as an integral part of its work organization.

The Safety and Health Management System is adequate and effectively implemented as required by Legislative Decree. 231/01 “Regulation of the Administrative Responsibility of the Legal Person” “and represents a suitable organizational model for industrial safety crimes.

The Management is committed to addressing the safety aspects related to the different phases of company work, implemented to date or of future forecasting, as relevant aspects of its activity.

It is also committed to organizing the entire company structure, from the employer to the RSPP, from security officers to employees, from employees to casual workers, so that everyone participates, according to their responsibilities and skills, in the implementation of the SGSL and in achieving the defined security objectives. This Policy is disseminated to all operational personnel by posting. The Company Management undertakes to:

1. Compliance with CURRENT LEGISLATION on occupational safety and health is considered a priority, as well as a commitment to observe the provisions of the Risk Assessment Document and any Single Interference Risk Assessment Documents correctly drawn up for each specific situation.
2. INFORMATION ON THE RISKS linked to the various activities carried out shall be disseminated to all the workers concerned; their TRAINING shall be carried out and updated with specific reference to the job performed.
3. CONSULTATION OF WORKERS shall be ensured, including through the workers’ safety representative, regarding aspects of safety and health at work, through specific meetings to be held on a periodic basis.
4. All workers are trained, informed and sensitized to carry out the TASKS assigned to them in safety matters, through the establishment of specific meetings.
5. The corporate structure participates, according to its responsibilities and competences, in the ACHIEVEMENT OF the assigned security OBJECTIVES.
6. The efficiency and safety of the MACHINES and INSTALLATIONS used are guaranteed through a system of periodic checks and maintenance.
7. Business facilities and infrastructure should be maintained in good and decent condition, and the flow of materials and people regulated, so as to prevent accidents.
8. Quickly and effectively address emerging NEEDS during work activities.
9. COOPERATION and COORDINATION between the various company resources as well as with other companies operating on the site are promoted, including through specific periodic meetings.
10. Due consideration should always be given to the expectations of the parties concerned and in particular COLLABORATION with business organisations and relevant external bodies should be promoted.
11. Priority should be given to preventive actions and internal investigations to protect the safety and health of workers, such as periodic analytical monitoring of air quality in work environments (microbiological and on inhalable and respirable fractions of dust) in order to ENSURE GOOD QUALITY’ OF UTILITIES and significantly REDUCE the likelihood of ACCIDENTS, INJURIES or other non-conformities occurring.
12. Initiatives are promoted to stimulate company resources to protect their health and well-being even in the workplace, for example by choosing healthy foods such as vegetables and fruit, discouraging smoking, proper waste management, preventing waste, adopting virtuous behaviors regarding water and electricity consumption, participation in periodic events organised within the urban fabric, so as to significantly REDUCE behaviour that is dangerous to health.
13. The Policy, Objectives and implementation of the SGSL should be reviewed periodically with the aim of achieving a CONTINUOUS IMPROVEMENT in the level of safety and health at work as part of the activities carried out.

Management reviews defined annually make it possible to ascertain: whether the objectives have been achieved and whether they remain appropriate and adequate to achieve the defined purposes; whether the pursuit of continuous improvement in all business activities is implemented effectively; whether information at the relevant levels of the organization is appropriate to the objectives. This policy is accessible to interested parties by publication on the company’s website.