Organization, Management and Control Model

Notice

This document is a translation provided for convenience only. In case of discrepancies or inconsistencies, the official and legally binding version is the original Italian version.

1 Introduction

Intellitronika srl (hereinafter also referred to as “Intellitronika”) has decided to prepare and adopt the Organization, Management and Control Model in order to comply with the provisions of Legislative Decree no. 231/2001, as it has always been attentive and mindful of legal requirements in general and, in particular, of the protection of the health and safety of its employees and subcontractors, as well as the protection of the environment in which it operates.

In general, the Organization, Management and Control Model of Intellitronika pursues the following objectives:

To protect the Company, to the greatest extent possible, from the consequences of unlawful acts that may be committed by its personnel (including both managerial and non-managerial staff).
To protect the Company, to the greatest extent possible, from the consequences of negligent or intentional unlawful acts committed by subcontracting companies entrusted with the construction of systems on behalf of Intellitronika.
To improve the structure and functioning of its organization for the benefit of the Company’s efficiency.
To promote the integration of Management Systems for which Intellitronika may seek certification by Third-Party Bodies, with regard to risks related to mandatory regulatory compliance (Environment, Occupational Health and Safety, Information Security, etc.).

In accordance with the principles set out in this introduction, Intellitronika srl approves the adoption of the Organization, Management and Control Model within its corporate organization.

2 Reference legislation: Legislative Decree of June 8, 2001, no. 231

The administrative liability regime applicable to legal entities

Legislative Decree no. 231 of June 8, 2001, as subsequently amended and supplemented, which introduced the “regulation of the administrative liability of legal entities, companies and associations, including those without legal personality,” aligned Italian legislation on the liability of legal entities with certain international conventions previously ratified by Italy, in particular the Brussels Convention of July 26, 1995 on the protection of the European Community’s financial interests, the Brussels Convention of May 26, 1997 on the fight against corruption involving officials of the European Community and of the Member States, and the OECD Convention of December 17, 1997 on combating bribery of foreign public officials in international business transactions.

The Decree introduced into the Italian legal system a regime of administrative liability in criminal proceedings applicable to legal entities (hereinafter also referred to as “Entities”), which is in addition to the liability of the natural person who is the material perpetrator of the offense, and which aims to involve, in the punishment of such offenses, the Entities in whose interest or for whose benefit such offenses have been committed.

2.1 Principle of legality

Corporate liability arises within the limits established by law: the Entity “cannot be held liable for conduct constituting a criminal offense if its liability (omitted text) in relation to that conduct and the related sanctions are not expressly provided for by a law” in force prior to the commission of such conduct (Article 2 of the Decree).

The Entity cannot be held liable for the commission of any criminal offense, but only for those offenses and specific administrative violations expressly provided for in the original Decree, as subsequently amended and supplemented, as well as in laws that expressly refer to the provisions of the Decree.

2.2 Conditions for the liability of the Entity

The commission of one of the offenses indicated in the Decree constitutes one of the conditions for the applicability of the provisions set forth therein. In order for the Entity to be held liable, additional conditions are also required. First, it is necessary that the criminal act has been committed “in the interest or for the benefit of the Entity,” regardless of whether such objective has actually been achieved, and by one of the subjects identified in the Decree.

The criterion of “benefit” refers to the result that the Entity has objectively derived from the commission of the unlawful act, irrespective of the intention of the person who committed it.

The Entity is not liable if the act was committed by one of the subjects identified in the Decree “in the exclusive interest of the perpetrator or of third parties.” Furthermore, it is necessary that the criminal offense has been committed by one or more qualified persons, namely: “persons who hold functions of representation, management or direction of the Entity or of one of its organizational units with financial and functional autonomy,” or by persons who “exercise, even de facto, the management and control” of the Entity (so-called “senior management”); or alternatively “persons subject to the direction or supervision of one of the senior management” (so-called “subordinates”).

In other words, the perpetrators of the offense from which administrative liability of the Entity may arise may be:

Individuals in “senior positions,” such as, for example, the legal representative, director, general manager, or plant manager, as well as persons who, even in fact, exercise management and control of the Entity.
Individuals who do not hold managerial positions, such as employees, as well as external parties entrusted with tasks to be carried out under the direction and supervision of senior management.

The provisions of the Decree exclude the liability of the Entity where, prior to the commission of the offense, it has adopted and effectively implemented an “Organization, Management and Control Model” suitable for preventing offenses of the type that occurred. From this perspective, the liability of the Entity is linked to the “failure to adopt or to comply with required standards” relating to the organization and activities of the Entity.

The adoption of an “Organization, Management and Control Model” does not constitute a mandatory requirement for the Entity, in the sense that there is no legal obligation for a company to adopt a model compliant with the provisions of the Decree.

However, if the company fails to do so, it will not be able to avoid the administrative liability established by the Decree.

2.3 Offenses committed by individuals in senior positions

With reference to offenses committed by individuals in “senior positions,” the Decree introduces a form of rebuttable presumption of liability of the Entity, whereby its liability is excluded only if it proves that:

“the governing body has adopted and effectively implemented, prior to the commission of the offense, organization and management models suitable for preventing offenses of the type that occurred.”
“the task of supervising the functioning of and compliance with the models and of ensuring their updating has been entrusted to a body of the Entity vested with autonomous powers of initiative and control.”
“the individuals committed the offense by fraudulently circumventing the organization and management models.”
“there was no omission or insufficient supervision by the body vested with autonomous powers of initiative and control.”

The above conditions must all be met jointly in order for the liability of the Entity to be excluded.

2.4 Offenses committed by individuals in “subordinate” positions

The Entity may be held liable for offenses committed by individuals in “subordinate” positions only where it is established that “the commission of the offense was made possible by the failure to comply with obligations of direction or supervision.”

In this case, the Decree attributes liability to a breach of duties of direction and supervision, which typically rest with the top management of the Company (or with individuals delegated by them).

In any case, failure to comply with obligations of direction or supervision is excluded, and therefore the Entity shall not be liable, if:

the governing body has adopted and effectively implemented, prior to the commission of the offense, an organization and management model suitable for preventing offenses of the type that occurred.
the task of supervising the functioning of and compliance with the model, as well as proposing its updating, has been entrusted to a Supervisory Body of the Entity, vested with autonomous powers of initiative and control, within the framework of the Organization, Management and Control Model.
the individuals who committed the offense acted by fraudulently circumventing the aforementioned model.
there has been no omission or insufficient supervision by the Supervisory Body (SB).

According to the Decree, therefore, the adoption and effective and proper implementation of a suitable Organization, Management and Control Model constitutes fulfillment of the duties of direction and supervision and operates as an exemption from the Entity’s liability.

2.5 Types of offenses covered

The scope of application of Legislative Decree No. 231 of June 8, 2001 (“Legislative Decree 231/2001”) is as follows:

Undue receipt of public funds, fraud against the State or a Public Entity, or for the purpose of obtaining public funding, and computer fraud against the State or a Public Entity (Article 24, Legislative Decree 231/2001).
Cybercrimes and unlawful data processing (Article 24-bis, Legislative Decree 231/2001) [article introduced by Law No. 48/2008; amended by Legislative Decrees No. 7 and 8/2016; further amended by Decree-Law No. 105/2019].
Organized crime offenses (Article 24-ter, Legislative Decree 231/2001) [article introduced by Law No. 94/2009 and amended by Law No. 69/2015].
Embezzlement, extortion, undue inducement to give or promise benefits, corruption, and abuse of office (Article 25, Legislative Decree 231/2001) [article amended by Law No. 190/2012, Law No. 3 of January 9, 2019, and Legislative Decree No. 75/2020].
Counterfeiting of currency, public credit instruments, revenue stamps, and identification tools or marks (Article 25-bis, Legislative Decree 231/2001) [article introduced by Decree-Law No. 350/2001, converted into Law No. 409/2001; amended by Law No. 99/2009 and Legislative Decree No. 125/2016].
Crimes against industry and commerce (Article 25-bis.1, Legislative Decree 231/2001) [article introduced by Law No. 99/2009].
Adulteration and counterfeiting of food products, trade in adulterated or counterfeit food, and trade in harmful food products (Law No. 9 of January 14, 2013).
Corporate crimes (Article 25-ter, Legislative Decree 231/2001) [article introduced by Legislative Decree No. 61/2002, amended by Law No. 190/2012, Law No. 69/2015, and Legislative Decree No. 38/2017].
Crimes with the purpose of terrorism or subversion of the democratic order provided for by the Criminal Code and special laws (Article 25-quater, Legislative Decree 231/2001) [article introduced by Law No. 7/2003].
Practices of female genital mutilation (Article 25-quater.1, Legislative Decree 231/2001) [article introduced by Law No. 7/2006].
Crimes against individual personality (Article 25-quinquies, Legislative Decree 231/2001) [article introduced by Law No. 228/2003; amended by Law No. 199/2016].
Transnational crimes (Law No. 146 of March 16, 2006, Article 10).
Market abuse offenses (Article 25-sexies, Legislative Decree 231/2001) [article introduced by Law No. 62/2005].
Manslaughter and serious or very serious negligent bodily injury committed in violation of occupational health and safety regulations (Article 25-septies, Legislative Decree 231/2001) [article introduced by Law No. 123/2007].
Receiving stolen goods, money laundering, and use of money, goods or benefits of unlawful origin, as well as self-laundering (Article 25-octies, Legislative Decree 231/2001) [article introduced by Legislative Decree No. 231/2007; amended by Law No. 186/2014].
Copyright infringement offenses (Article 25-novies, Legislative Decree 231/2001) [article introduced by Law No. 99/2009].
Inducement not to make statements or to make false statements to the judicial authority (Article 25-decies, Legislative Decree 231/2001) [article introduced by Law No. 116/2009].
Environmental crimes (Article 25-undecies, Legislative Decree 231/2001) [article introduced by Legislative Decree No. 121/2011; amended by Law No. 68/2015] and Decree-Law No. 116/2025.
Employment of third-country nationals whose stay is irregular (Article 25-duodecies, Legislative Decree 231/2001) [article introduced by Legislative Decree No. 109/2012].
Racism and xenophobia (Article 25-terdecies) [article introduced by European Law No. 167 of November 20, 2017].
Fraud in sports competitions and unlawful operation of gambling or betting activities (Article 25-quaterdecies) [article introduced by Law No. 39 of May 3, 2019].
Tax crimes (Article 25-quinquesdecies) [article introduced by Decree-Law No. 124/2019, converted into Law No. 157/2019].
Smuggling (Article 25-sexdecies – article introduced by Legislative Decree No. 75/2020) and Legislative Decree No. 81/2025, which increased the threshold for criminal relevance of customs violations concerning border duties other than customs duties, also applies retroactively to conduct carried out before the entry into force of the reform.

2.6 Provisions of the Decree regarding the characteristics of the “Organization, Management and Control Model”

The Decree does not provide a detailed regulation of the nature and characteristics of the Organization, Management and Control Model; it merely sets out certain general principles, which partially differ depending on the individuals who may commit an offense.

For the prevention of offenses committed by “senior management,” the Model must:

Identify the activities within which offenses may be committed.
Provide for specific protocols aimed at planning the formation and implementation of the Entity’s decisions in relation to the offenses to be prevented, as well as information obligations toward the Supervisory Body.
Identify methods for managing financial resources suitable to prevent the commission of offenses.
Provide for information obligations toward the body responsible for supervising the functioning of and compliance with the Model.
Introduce a disciplinary system suitable to sanction non-compliance with the measures indicated in the Model.

With regard to offenses committed by so-called “subordinate” individuals, understood in a residual sense compared to “senior management,” the Model must provide for measures suitable to ensure that activities are carried out in compliance with the law and to promptly detect and eliminate risk situations, taking into account the nature and size of the organization, as well as the type of activities performed.

With reference to the effective implementation of Model 231, the following are required:

Periodic verification and possible amendment of the Model when significant violations of its provisions are discovered or when changes occur in the organization or in the activities.
The introduction of a disciplinary system suitable to sanction non-compliance with the measures set out in Model 231.

2.7 Offenses committed abroad

Pursuant to Article 4 of the Decree, the Entity may be held liable in Italy in relation to certain offenses committed abroad. The conditions on which such liability is based are:

The offense must be committed abroad by an individual functionally linked to the Entity (under the terms already examined above).
The Entity must have its main headquarters within the territory of the Italian State.
The Entity may be held liable only in the cases and under the conditions provided for in Articles 7, 8, 9, and 10 of the Italian Criminal Code (and where the law provides that the offender – a natural person – is punishable upon request of the Minister of Justice, proceedings against the Entity shall take place only if such request is also made against the Entity itself).
If the above cases and conditions are met, the Entity shall be liable provided that the State where the offense was committed does not initiate proceedings against it.

2.8 Attempt

The administrative liability of the Entity also extends to cases in which one of the offenses referred to in the preceding articles as a source of liability is committed in the form of an attempt (Article 56 of the Italian Criminal Code), i.e., where acts suitable and unequivocally directed to commit the offense have been carried out, but the action is not completed or the event does not occur.

2.9 Sanctions

The sanctioning system provided for by the Decree includes monetary penalties and disqualifying sanctions.

The monetary penalty, determined by the Judge, is applied in “quotas,” in a number not less than one hundred and not more than one thousand. The monetary penalty is determined taking into account the seriousness of the offense, the degree of liability of the Entity, as well as the activity carried out to eliminate the consequences of the offense and to prevent the commission of further violations. The amount of the penalty is set by the Judge based on the economic and financial conditions of the Entity, in order to ensure the effectiveness of the sanction.

Cases of reduction of the monetary penalty are provided for where—alternatively—the offender has committed the act primarily in their own interest or that of third parties and the Entity has not derived any benefit from it, or has derived only a minimal benefit, or where the damage caused is of particular insignificance. The monetary penalty is also reduced by one-third to one-half if, before the declaration of the opening of the first-instance trial, the Entity has fully compensated the damage or has eliminated the harmful or dangerous consequences of the offense (or has effectively taken steps to do so), or if a model suitable for preventing further offenses has been adopted.

If both of the above conditions are met, the penalty is reduced from one-half to two-thirds. In the case of the offenses referred to in Article 25-sexies of the Decree and the administrative violations referred to in Article 187-quinquies of the Consolidated Law on Finance (TUF), if the proceeds or profit obtained by the Entity are significant, the monetary penalty is increased up to ten times such proceeds or profit.

Disqualifying sanctions are applied in addition to monetary penalties and constitute the most significant punitive measures.

The disqualifying sanctions provided for by the Decree are:

Temporary or permanent disqualification from carrying out business activities.
Suspension or revocation of authorizations, licenses, or concessions functional to the commission of the offense.
Prohibition from entering into contracts with the Public Administration, except for obtaining public service provisions.
Exclusion from benefits, financing, contributions, or subsidies and the possible revocation of those already granted.
Temporary or permanent prohibition on advertising goods or services.

Disqualifying sanctions apply only in cases expressly provided for and provided that at least one of the following conditions is met:

The Entity has obtained significant profit from the offense.
The offense has been committed:
- By a senior management individual,
- By a subordinate individual, where the commission of the offense was facilitated by serious organizational deficiencies, and in cases of repeated violations.

Disqualifying sanctions are generally applied on a temporary basis but may exceptionally be applied permanently where there is serious evidence of the Entity’s liability and well-founded and specific elements indicating a concrete risk of further offenses of the same nature.

However, disqualifying sanctions do not apply (or are revoked if already applied on a precautionary basis) where the Entity—before the declaration of the opening of the first-instance trial—has compensated or remedied the damage and eliminated the harmful or dangerous consequences of the offense (or has at least taken steps to do so), has made the profit of the offense available to the Judicial Authority for confiscation, and—above all—has eliminated the organizational deficiencies that led to the offense by adopting organizational models suitable to prevent further offenses. In such cases, only the monetary penalty applies.

Finally, in addition to monetary and disqualifying sanctions, the Decree provides for two other types of sanctions:

Confiscation, consisting of the acquisition by the State of the price or profit of the offense, i.e., the seizure of sums of money, assets, or other benefits of equivalent value to the price or profit of the offense.
Publication of the conviction judgment, consisting of the publication of the conviction once, in summary or in full at the expense of the Entity, in one or more newspapers designated by the Judge in the judgment, as well as by posting in the municipality where the Entity has its main office.

3 Terms and Definitions

Within this organizational model, the terms and definitions contained in applicable legislation, Confindustria guidelines, and voluntary management system standards (ISO 9001, ISO 14001, ISO 45001) are used and reported below to facilitate consultation of the document:

Organization, Management and Control Model: the corporate organizational model aims to prevent the commission of predicate offenses under Legislative Decree 231/01 through an organizational structure, a system of delegations, protocols, procedures, training, and prevention activities across all Intellitronika locations, as well as all personnel and/or collaborators who interact with the Organization.
Sensitive activities and processes: corporate activities and processes within which there is a potential risk of committing one of the predicate offenses.
Code of Ethics: a code of conduct voluntarily adopted by Intellitronika in carrying out its activities and business, based on laws, regulations of the relevant countries, and internal rules, within a framework of ethical values such as fairness, confidentiality, compliance with competition rules, environmental protection, and the health and safety of workers.
UNI EN ISO 45001:2018: a voluntary standard requiring the implementation of a management system for occupational health and safety, considered compliant with Article 30 of Legislative Decree 81/2008 in relation to requirements for preventing administrative liability in cases of negligent homicide or serious or very serious personal injury in workplace safety matters.
Supervisory Body (SB): an independent structure responsible for monitoring, updating, and overseeing the effective maintenance of the adopted organizational model, including its special parts and related annexes.
Risk assessment: a specific analysis activity of the organization aimed at identifying activities within which predicate offenses under Legislative Decree 231/01 may be committed.
Audit: a systematic and documented verification process carried out to obtain evidence and records of statements of fact or other information necessary to determine whether the organization complies with the organization and control model.
Improvement action: activities aimed at improving, updating, and maintaining the effectiveness of the Model 231 over time and preventing the commission of predicate offenses.
Legislative Decree 231/2001: Legislative Decree of June 8, 2001, No. 231, as subsequently amended and supplemented.
Hazard / hazardous behavior: a source, situation, or act that may lead to the commission of a predicate offense under Legislative Decree 231/01.
RMOG: the Organizational Model Manager is a company employee who coordinates, organizes, and oversees the activities of the Company’s 231 team, manages risk assessment (risk assessment and gap analysis) of predicate offenses, and coordinates audit activities planned and carried out by the Supervisory Body, aimed at maintaining the effectiveness of Model 231 and ensuring its updating. The Model 231 Manager is responsible for the custody and recording of documents forming part of the Model.
Risk: probability index of the occurrence of a predicate offense under Legislative Decree 231/01.
Acceptable risk: risk that can be reduced to a level tolerable for the organization with reference to legal obligations and the provisions of Model 231, or that provides a prevention system that can only be circumvented through FRAUDULENT conduct.
Training: a process of transferring educational and behavioral concepts through organized classroom sessions (including virtual), conducted by a qualified instructor with the necessary legal and technical expertise. The event is documented with attendance records and training program details.
Information: a process of transferring educational and behavioral concepts through the distribution of informational material, with acknowledgment of receipt or via access to the corporate intranet.
Disciplinary system: the system referred to in Article 6, paragraph 2, letter e) of Legislative Decree 231/01, providing for disciplinary sanctions as set out in the applicable national collective labor agreement and proportional sanctions for all other company roles in the event of violations of Model 231 and its special parts.
Senior management individuals: persons referred to in Article 5(a) of Legislative Decree 231/01 who hold senior management roles and supervise subordinate personnel.
Subordinate individuals: persons referred to in Article 5(b) of Legislative Decree 231/01 who are subject to the direction of senior personnel.

4 Company Overview

Intellitronika srl was founded in 2010 and immediately achieved significant results in the fields of mobile data management, personnel and vehicle localization, and territorial control, enabling it to reach very high levels of specialization over the years.

The company operates in the situation management sector, designing and delivering solutions for emergency professionals and the business world. Its DNA combines the nature of an ICT company strongly focused on community-oriented solutions with the capabilities of a software house engaged in the research and development of high-impact IoT solutions.

It is part of the ITK Group, which has been operating in the innovation sector for over 30 years, developing solutions for major public entities and large private groups. ITK Group, like Intellitronika, relies on a global network of partners, collaborators, and clients, which today represents a key strength and provides stability and a forward-looking vision that few companies of this kind can claim.

The registered office is located in Rome, Viale dell’Oceano Atlantico, 182 (digital address: intellitronikasrl@legalmail.it).

The Company may assume and grant representations in Italy and abroad, with or without warehouse facilities; open and close bank and postal accounts and operate on them, including overdrafts; carry out all commercial, industrial, and financial transactions deemed necessary or appropriate to achieve the corporate purpose; acquire interests and shareholdings in other companies or enterprises with similar or related purposes, in compliance with Law No. 1/1991; and grant guarantees, including sureties and real or personal guarantees, provided that such activities are solely aimed at achieving the corporate purpose and comply with Law No. 197/1991 and Legislative Decree No. 385/1993.

The Sole Director is vested with the broadest powers for the ordinary and extraordinary management of the Company, except for matters reserved by law to the shareholders’ meeting. The Sole Director holds the corporate signature and legal representation of the Company before third parties and in legal proceedings.

Intellitronika collaborates in major programs of the Armed Forces and State security bodies, with the aim of providing innovative, effective, and modern solutions for all operational contexts.

Intellitronika provides consulting, technical assistance, and project management services for participation in public and private tenders, supporting companies operating or intending to operate in supplying services and goods to public administrations.

It also offers services in the national distribution of major international brands related to security and high-tech sectors.

Finally, the Company is engaged in research, innovation, and development to identify more advanced and high-performance solutions, using virtualization technologies and 3D printing systems, in order to provide products capable of meeting the needs of any operational context.

Intellitronika holds the following management system certifications issued by an Independent Third Party:

UNI ISO 14001 – Environmental management systems
ISO/IEC 27001 – Information security management systems

Description of the Company Headquarters

The registered office is located in Rome, Viale dell’Oceano Atlantico, 182, and consists of large office premises spread over multiple floors, well-lit and well-furnished, including a spacious meeting room equipped with videoconferencing technology for collective meetings, as well as ample outdoor areas accessible to all personnel.

The Company also has warehouses suitable for storing the materials it produces and sells.

For a representation of professional roles and the company’s organizational structure, please refer to the organizational chart below.

Organizational Chart

Version 2025-06 | Updated on 09/05/2025

5 Purpose

The purpose of this document is to define a tool for the implementation, application, and updating of an Organization, Management and Control Model that constitutes the adoption and effective implementation of all requirements set out in Articles 6 and 7 of Legislative Decree 231/01, and is therefore suitable for preventing the offenses provided for therein.

This Model is designed to be applied to all processes and all locations of Intellitronika, as well as to all personnel and/or collaborators who in any way interact with the Organization.

Integration with other Management Systems

This Model 231 has been developed with the aim of promoting integration with Quality, Environmental, Information Security, and Ethics Management Systems.

The Organization, Management and Control Model

The Organization, Management and Control Model of Intellitronika consists of the following documents, which are to be considered integral parts of the Model itself:

Organization, Management and Control Model – General Part

Attachments

Code of Ethics
Supervisory Body Regulations
Organizational structure and system of delegations and powers
Disciplinary system

Special Parts

Special Part A – offenses against the Public Administration and against the State
Special Part B – corporate offenses
Special Part C – workplace health and safety offenses
Special Part D – offenses against industry and trade
Special Part E – offenses relating to cybercrime, unlawful data processing, and copyright infringement
Special Part F – transnational offenses
Special Part G – racism and xenophobia
Special Part H – offense of inducing a person not to make statements or to make false statements to the judicial authority
Special Part I – offenses against individual personality
Special Part J – offense of employing third-country nationals whose stay is irregular
Special Part K – environmental offenses
Special Part L – offenses of receiving stolen goods, money laundering, and self-laundering
Special Part M – reporting of 231 offenses and Model violations – Whistleblowing

Forms

MDMOG-01 Risk assessment of 231 offenses
MDMOG-02 Management of Model 231
MDMOG-03 Annual audit program of the Supervisory Body
MDMOG-04 Audit checklist and report of the Supervisory Body
MDMOG-05 Minutes of periodic Supervisory Body meetings

Functions

The Organization and Control Model of Intellitronika performs the following functions:

Identifies the activities within which predicate offenses may be committed.
Provides specific operating instructions aimed at planning the formation and implementation of organizational decisions in relation to the predicate offenses to be prevented.
Identifies methods for managing financial resources suitable for preventing the commission of predicate offenses.
Establishes reporting obligations toward the Supervisory Body.
Introduces a disciplinary system suitable for sanctioning non-compliance with the measures set out in Model 231, its annexes, special parts, and related operating instructions for the prevention of predicate offenses.
Assigns to a body within the organization, endowed with independent powers of initiative and control, the task of supervising the functioning and compliance of the Organization and Control Model and ensuring its updating.
In particular, the organization, in order to ensure the effective maintenance of the Organization and Control Model:
- Ensures traceability and transparency of activities in areas and processes at risk of predicate offenses.
- Identifies “sensitive” processes and activities, meaning those processes/activities within which offenses relevant under Legislative Decree 231/01 may be committed.
- Assesses, for each process, the activities with potential risk of offenses committed in the interest or for the benefit of the organization and the level of risk of such offenses, based on the criteria and methodologies set out in this document.
- Prepares the Risk Analysis.
- Defines the actions necessary to achieve planned results and optimize the Organization and Control Model.
- Adopts, disseminates, and effectively implements Model 231, its annexes, and its special parts.
- Defines delegations, powers of attorney, authorities, and responsibilities.
- Adopts, disseminates, and effectively implements the Disciplinary System.
- Ensures the updating of the Organization and Control Model in line with legislative developments, Risk Analysis outcomes, and organizational activities.

6 Scope of Application

The rules contained in Model 231 apply to those who, even de facto, perform management, administration, direction, or control functions within the Company, to shareholders and employees, as well as to those who, although not part of the Company, operate under its mandate or are contractually bound to it.

Accordingly, the following shall be considered recipients of the Model, among senior management individuals:

Chairperson of the Board of Directors;
Directors and delegated officers in general;
Executives;
Statutory Auditor;
Members of the Supervisory Body.

Among individuals subject to the direction of others:

Employees;
Interns;
External collaborators;
Subcontracting companies.

By virtue of specific contractual clauses and limited to the performance of sensitive activities in which they may be involved, the following external parties may also be subject to specific obligations instrumental to the proper execution of the internal control activities provided for in this General Part and in the Special Parts:

Collaborators, agents and representatives, consultants, and in general self-employed individuals, insofar as they operate within sensitive activity areas on behalf of or in the interest of the Company.
Suppliers (with particular reference to subcontracting companies) and business partners who operate significantly and/or on an ongoing basis within sensitive activity areas on behalf of or in the interest of the Company.

External parties also include those who, although having a contractual relationship with another company of the Group, effectively operate significantly and/or on an ongoing basis within sensitive activity areas on behalf of or in the interest of the Company itself.

7 Risk Assessment

7.1 Model 231 Manager

The assessment of the risk of commission of predicate offenses is carried out, coordinated, and organized by the Model 231 Manager. This role has been appointed by the Board of Directors in order to assess the risks of predicate offenses within the corporate organization, ensure the updating of the organizational model, and manage audit activities aimed at maintaining the implemented prevention protocols.

In carrying out their duties, the Model 231 Manager may rely on the support of external professionals with the necessary technical and legal expertise. The Board of Directors appoints the Model 231 Manager from among internal personnel who have a thorough understanding of the organization’s functioning and who can effectively organize interviews with the relevant corporate functions and the necessary inspection activities.

7.2 Objectives of Risk Assessment

The purpose of the risk assessment is to evaluate the likelihood that one of the predicate offenses governed by Legislative Decree 231/01 may occur within the corporate organization. The purpose of this section is to:

Explain the methods used to assess the risk of commission of predicate offenses under Legislative Decree 231/01 within the corporate organization.
Plan the implementation of Model 231 in its necessary General and Special Parts.

The risk assessment and planning of Model 231 were carried out over a period of 90 days from the date of assignment (kick-off meeting). The design and drafting of the organizational model, its annexes, special parts, and related modules were completed in February 2025, with the support of the Model 231 Manager and company consultants, with approval of the documents by resolution dated October 20, 2025.

The criteria described in this section apply to all processes and activities of all company locations.

7.3 Risk Assessment

First phase: General risk assessment

With the support of “MDMOG-01 Risk Assessment of 231 Offenses”, each offense hypothesis is associated with an area or a corporate process in which, based on an initial and general assessment, there is a non-negligible possibility that a predicate offense may occur. Once the areas and corporate processes at risk of occurrence of a predicate offense have been identified, the second phase of specific risk assessment is activated.

Second phase: Specific risk assessment

The areas and corporate processes deemed subject to a general risk of occurrence of one of the predicate offenses provided for by Legislative Decree 231/2001 are analytically assessed through dedicated interviews with the functions responsible for and managing the areas and processes at risk. Following such interviews, the probability of occurrence of predicate offenses is assessed in detail in relation to specific corporate behaviors by completing, using numerical parameters, the form “MDMOG-01 Risk Assessment of 231 Offenses”.

In order to quantify risks and therefore evaluate them, the following criterion is adopted for determining risk exposure.

Risk Exposure = PRF x I x P x D x F x A

where:

PRF = Primary Risk Factor, takes into account the occurrence of the offense within the organization; in particular, the following evaluation criteria have been defined:

Criterion	Assessment
Offense never occurred in the past within the Organization	1
The Organization has previously been convicted for the commission of the offense under assessment	2
Proceedings are ongoing against individuals acting in the interest of the Organization regarding the offense under assessment	3
Sanctions and/or informal warnings have been issued under the internal disciplinary system in the last year regarding the activity under assessment	4
There is evidence of Non-Conformities or Anomalies of a systematic nature regarding the activity under assessment	5

I = Impact: extent of the damage resulting from the occurrence of the harmful event.

Impact is calculated in relation to the applicable sanctions, which may be pecuniary and/or disqualifying.

Pecuniary sanctions are applied in quotas ranging from a minimum of 100 to a maximum of 1,000; the amount of each quota ranges from a minimum of €258 to a maximum of €1,549 (therefore sanctions range from a minimum of €25,800.00 to a maximum of €1,549,000, subject to reductions pursuant to Article 12).

Disqualifying sanctions have a duration ranging from a minimum of three months to a maximum of 24 months. Based on these data, the following criteria for assessing Impact have been adopted.

Criterion		Assessment
Quotas	Disqualification	Assessment
100-300	No	1
301-700	No	2
100-300	Less than 6 months	3
701-1000	No	4
301-700	Less than or equal to 6 months	5
701-1000	Less than or equal to 6 months	6
100-300	Greater than 6 and less than or equal to 12 months	7
301-700	Greater than 6 and less than or equal to 12 months	8
701-1000	Greater than 6 and less than or equal to 12 months	9
100-1000	Greater than 12 months	10

P = Probability: expresses the number of times the occasion or moment occurs in which it is possible that the unlawful conduct (subject of assessment) is committed. The adopted evaluation criterion is as follows.

Criterion	Assessment
The reference process is managed in accordance with best practices. The Company’s activities (conceptually) are not closely related to the type of offense considered. Furthermore, the activity takes place in an environment generally unrelated to such criminal subculture.	1
The reference process is managed in accordance with best practices, but the Company’s activities are (conceptually) directly related to the type of offense considered and/or the activity takes place in an environment typically permeated by such criminal subculture.	2
The reference process is managed in accordance with best practices, but the Company’s activities are (conceptually) directly related to the type of offense considered and the activity takes place in an environment typically permeated by such criminal subculture. The reference process is managed in a slightly non-compliant manner with respect to best practices. The Company’s activities (conceptually) are not closely related to the type of offense considered. Furthermore, the activity takes place in an environment generally unrelated to such criminal subculture.	3
The reference process is managed in a slightly non-compliant manner with respect to best practices, but the Company’s activities are (conceptually) directly related to the type of offense considered and/or the activity takes place in an environment typically permeated by such criminal subculture.	4
The reference process is managed in a slightly non-compliant manner with respect to best practices. The Company’s activities are (conceptually) directly related to the type of offense considered and the activity takes place in an environment typically permeated by such criminal subculture. The reference process is managed in a substantially non-compliant manner with respect to best practices. The Company’s activities (conceptually) are not closely related to the type of offense considered. Furthermore, the activity takes place in an environment generally unrelated to such criminal subculture.	5
The reference process is managed in a substantially non-compliant manner with respect to best practices. The Company’s activities are (conceptually) directly related to the type of offense considered and/or the activity takes place in an environment typically permeated by such criminal subculture.	6

D = Detectability: expresses the organization’s ability to detect the possible commission of the offense, based on the characteristics of the process, the controls (protocols) implemented for the process, and the formalization of the various steps of the process to allow easy reconstruction of what occurred. For this factor, the adopted evaluation criterion is as follows.

Criterion	Assessment
The current internal control system allows each process activity related to the offense under assessment to be easily detected and reconstructed, as the Company’s activities are carried out in accordance with industry best practices and are supported by a continuous audit structure capable of identifying organizational deficiencies and ensuring the timely updating of the system.	1
The current internal control system allows each process activity related to the offense under assessment to be easily detected and reconstructed, as the Company’s activities are carried out in accordance with industry best practices, but only a periodic audit structure is in place for this purpose.	2
The current internal control system does not allow each process activity related to the offense under assessment to be easily detected and reconstructed, as the Company’s activities are not fully in line with industry best practices, but a continuous audit structure is in place, capable of identifying organizational deficiencies and ensuring the timely updating of the system.	3
The current internal control system does not allow each process activity related to the offense under assessment to be easily detected and reconstructed, as the Company’s activities are not fully in line with industry best practices and only a periodic audit structure is in place for this purpose.	4
There is no formalized internal control system, nor is there a formalized and/or regularly implemented audit process.	5

F = Frequency: expresses the frequency with which the process is carried out within the organization, and therefore the frequency of the occasion or moment in which it is possible that the unlawful conduct (subject of assessment) is committed. For this factor, it is assessed whether the process is applied ordinarily or only in extraordinary circumstances, and whether it is strictly related to the organization’s core business (service delivery). The adopted evaluation criterion is as follows.

Criterion	Assessment
The process is carried out rarely (no more than 4 times per year)	1
The process is carried out sporadically (approximately every two months)	2
The process is carried out on an approximately monthly basis	3
The process is carried out on an approximately weekly basis	4
The process is carried out routinely	5

A = Awareness and Participation: is based on the principle that the more personnel are informed and involved in the activities of the process under assessment, the lower the risk that the occasion or moment in which unlawful conduct may occur arises. For this factor, the adopted evaluation criterion is as follows.

Criterion	Assessment
All personnel involved in the process receive, in a planned and systematic manner, the necessary information and participate uniformly in the Internal Control System, so that it can be considered effective with respect to the offense under assessment	1
The above applies, but not in a planned and systematic manner; therefore, the Internal Control System can be considered partially effective with respect to the offense under assessment	2
Only part of the personnel involved in the process receives, in a planned and systematic manner, the necessary information and does not participate uniformly in the Internal Control System, so that it cannot be considered effective with respect to the offense under assessment	3
Only part of the personnel involved in the process receives, moreover not in a planned and systematic manner, the necessary information and does not participate uniformly in the Internal Control System, so that it can be considered poorly effective with respect to the offense under assessment	4
With regard to the process, there is no evidence of any information and participation activities	5

In determining Risk Exposure = PRF x I x P x D x F x A for each offense provided for by Legislative Decree 231/01, the result is assessed according to the following criteria.

Risk Exposure
Values from 1 to 243	Low
Values from 243 to 1024	Moderate
Values above 1024	Critical

The assessment of risk exposure, as described in this section, naturally leads to an objective evaluation, the purpose of which is to rank risks across the various corporate processes and areas. This makes it possible to identify those risks assessed as residual, for which it is therefore deemed appropriate not to adopt any precautionary measures.

7.4 Improvement

After 12 months from the effective implementation of Model 231, the areas and processes classified as moderate or critical risk may be subject to specific preventive measures as indicated in “MDMOG-02 Management of Model 231”. The document “MDMOG-02 Management of Model 231” is a programmatic document, managed by the Model 231 Manager, which defines: the improvement actions to be carried out for the implementation of a Model 231 aimed at preventing predicate offenses; the improvement actions aimed at updating Model 231; the priorities associated with the importance and urgency of the actions to be carried out; the company representative responsible for implementing each improvement action; and the time frame within which such actions must be completed. This document is subject to the supervision of the Board of Directors, which approves it and defines its implementation methods.

8 Updating of the organizational model

The organizational model is updated whenever one of the following events occurs:

The introduction of a new type of offense due to new laws related to Legislative Decree 231/2001.
Any modification of the organizational chart, for those offenses that are related to the function subject to change.
New revisions of the Confindustria Guidelines regarding Legislative Decree 231/2001.
For each new process/activity carried out by Intellitronika.
For any serious violation identified in any area, process, or location of Intellitronika.

The Board of Directors / Sole Director, in order to ensure the updating process, carries out the following preparatory activities aimed at updating Model 231:

Ensures that applicable legal requirements are identified and assessed in terms of applicability, with the support of consultants specialized in the administrative liability of entities.
Appoints and designates a Supervisory Body.
Communicates the most relevant information regarding legal requirements to the entire company organization.
Plans, through the Model 231 Manager, internal audit activities aimed at preventing predicate offenses and monitoring the corporate organization (Chapter 13 “Audit management”).

The activities necessary for updating Model 231 are included in the programmatic document “MDMOG-02 Management of Model 231”, which is the document where all improvement actions are recorded, not only those aimed at preventing predicate offenses but also those aimed at updating Model 231.

9 Reference Models

This organizational and management model is based on the guidelines provided by Confindustria in the document “Guidelines for the construction of organization, management and control models” issued on April 16, 2002 (updated as of March 2014), and on the Deming cycle principle^[1], which underlies all voluntary Management System standards such as ISO 9001, ISO 14001, ISO 45001, whose primary objective is the continuous improvement of the objectives set by business organizations. Continuous improvement in Model 231 can be referred to the effective maintenance and updating of the protocols implemented for the prevention of predicate offenses.

The Confindustria Guidelines provide for:

A first phase consisting of risk identification, i.e., the analysis of the company context in order to highlight where (in which area/activity sector) and how events detrimental to the objectives indicated by the Decree may occur.
A second phase consisting of the design of the control system (so-called protocols for the planning of the formation and implementation of the entity’s decisions), i.e., the assessment of the existing system within the entity and its possible adjustment, in terms of its ability to effectively counteract, that is, reduce to an acceptable level, the identified risks.

The concept of acceptability, in cases of intentional offenses, is represented by a prevention system such that it cannot be circumvented except fraudulently. This approach is consistent with the concept of “fraudulent circumvention” of the organizational model as a defense expressly provided for by the aforementioned legislative decree for the purpose of excluding the administrative liability of the entity (Art. 6, paragraph 1, letter c): “the persons committed the offense by fraudulently circumventing the organization and management models”.

Conversely, in cases of offenses of manslaughter and negligent personal injury committed in violation of occupational health and safety regulations, and for environmental offenses, the conceptual threshold of acceptability, for the purposes of exemption under Legislative Decree no. 231 of 2001, is represented by the occurrence of conduct (not accompanied by intent regarding the event—death/personal injury, environmental pollution) in violation of the organizational prevention model (and the related mandatory requirements prescribed by occupational safety and environmental protection regulations), despite the proper fulfillment of supervisory obligations provided for by Legislative Decree no. 231 of 2001 by the designated supervisory body. This is because the fraudulent circumvention of organizational models appears incompatible with the subjective element of negligent offenses.

According to the Guidelines, the implementation of a risk management system must be based on the assumption that offenses may in any case be committed even after the model has been implemented. Where intentional offenses are concerned, the model and the related measures must be such that the agent must not only “intend” the offense (e.g., bribing a public official), but will be able to carry out the criminal intent only by fraudulently circumventing (e.g., through artifices and/or deception) the entity’s provisions. The set of measures that the agent, if intending to commit a crime, will be forced to “override” must be structured in relation to the specific activities of the entity considered at risk and to the individual offenses hypothetically associated with them. In the case of negligent offenses, however, these must be intended by the agent only as conduct and not also as the resulting event.

The organizational model and systemic principles

Voluntary standards ISO 9001, ISO 14001, ISO 45001 all incorporate general principles of continuous improvement of business management, constant review and monitoring of the organization, and its updating. These concepts are fully consistent with the provisions of the legislation on the Administrative Liability of Entities (Legislative Decree 231/01).

Once the risk assessment of the company areas and processes where there is a likelihood of occurrence of one of the predicate offenses provided for by Legislative Decree 231 has been carried out, the company risk mapping has been prepared, the special sections aimed at preventing predicate offenses have been designed, a Supervisory Body has been appointed, and a disciplinary system has been implemented, it is necessary that the organizational model, in its general and special sections, be effectively implemented and be able to ensure exemption from the administrative liability of the entity.

From the voluntary management system standards, this organizational model adopts the principle of the Deming cycle, in which there is a constant cyclicity of actions that allow for the continuous review and updating of the organizational model:

10 Sensitive areas and processes

Within sensitive areas and processes, it is necessary that:

There must never be an overlap of roles between the person who makes decisions regarding the execution of a process within a sensitive activity area and the person who actually carries it out and completes it.

The main sensitive areas and processes subject to detailed analysis in the respective special sections aimed at preventing predicate offenses are listed below.

For corporate offenses (Special Section B)

Corporate offenses (Art. 25-ter, Legislative Decree no. 231/2001) [article added by Legislative Decree no. 61/2002, amended by Law no. 190/2012, Law no. 69/2015 and Legislative Decree no. 38/2017]
- False corporate communications (Art. 2621 Italian Civil Code) [article amended by Law no. 69/2015]
- Minor offenses (Art. 2621-bis Italian Civil Code)
- False corporate communications of listed companies (Art. 2622 Italian Civil Code) [article amended by Law no. 69/2015]
- Obstruction of control (Art. 2625, paragraph 2, Italian Civil Code)
- Unlawful return of contributions (Art. 2626 Italian Civil Code)
- Unlawful distribution of profits and reserves (Art. 2627 Italian Civil Code)
- Unlawful transactions involving shares or quotas of the company or of the parent company (Art. 2628 Italian Civil Code)
- Transactions to the detriment of creditors (Art. 2629 Italian Civil Code)
- Failure to disclose conflict of interest (Art. 2629-bis Italian Civil Code) [added by Law no. 262/2005]
- Fictitious formation of share capital (Art. 2632 Italian Civil Code)
- Unlawful distribution of corporate assets by liquidators (Art. 2633 Italian Civil Code)
- Unlawful influence on the shareholders’ meeting (Art. 2636 Italian Civil Code)
- Market manipulation (Art. 2637 Italian Civil Code)
- Obstruction of the exercise of the functions of public supervisory authorities (Art. 2638, paragraphs 1 and 2, Italian Civil Code)

Macro-process: Governance of the Organization

For offenses relating to workplace safety (Special Section C)

Offenses of manslaughter and serious or very serious negligent bodily injury, committed in violation of accident prevention regulations and regulations for the protection of occupational hygiene and health (Art. 25-septies, Legislative Decree no. 231/2001) [article added by Law no. 123/2007]
- Manslaughter (Art. 589 Italian Criminal Code)
- Negligent personal injury (Art. 590 Italian Criminal Code)

Macro-process: compliance with occupational health and safety requirements

For crimes against industry and commerce (Special Section D)

Crimes against industry and commerce (Art. 25-bis.1, Legislative Decree no. 231/2001) [article added by Law no. 99/2009]
- Disruption of the freedom of industry or commerce (Art. 513 Italian Criminal Code)
- Unlawful competition with threat or violence (Art. 513-bis Italian Criminal Code)

Macro-process: Commercial

For offenses relating to cybercrime, unlawful data processing, and copyright infringement (Special Section E)

Offenses relating to copyright infringement (Art. 25-novies, Legislative Decree no. 231/2001) [article added by Law no. 99/2009]
- Making available to the public, within a telematic network system, through connections of any kind, a protected intellectual work, or part thereof (Art. 171, Law no. 633/1941, paragraph 1, letter a-bis)
- Offenses referred to in the previous point committed on works of others not intended for publication, where the honor or reputation is harmed (Art. 171, Law no. 633/1941, paragraph 3)
- Unauthorized duplication, for profit, of computer programs; import, distribution, sale or possession for commercial or business purposes, or leasing of programs contained on media not marked by SIAE; preparation of means to remove or circumvent protection devices of computer programs (Art. 171-bis, Law no. 633/1941, paragraph 1)
- Reproduction, transfer to another medium, distribution, communication, public presentation or demonstration of the contents of a database; extraction or reuse of the database; distribution, sale or leasing of databases (Art. 171-bis, Law no. 633/1941, paragraph 2)
- Unauthorized duplication, reproduction, transmission or public dissemination by any means, in whole or in part, of intellectual works intended for television or cinematographic circuits, or for the sale or rental of records, tapes or similar media or any other medium containing phonograms or videograms of musical, cinematographic or audiovisual works or sequences of moving images; literary, dramatic, scientific or educational works, musical or musical-dramatic works, multimedia works, even if included in collective or composite works or databases; unauthorized reproduction, duplication, transmission or dissemination, sale or commercialization, transfer under any title or unauthorized import of more than fifty copies or specimens of works protected by copyright and related rights; making available within a telematic network system, through connections of any kind, a protected intellectual work, or part thereof (Art. 171-ter, Law no. 633/1941)
- Failure to communicate to SIAE the identification data of media not subject to marking or false declaration (Art. 171-septies, Law no. 633/1941)
- Fraudulent production, sale, import, promotion, installation, modification, use for public and private use of devices or parts of devices suitable for decoding conditional access audiovisual transmissions carried out via terrestrial broadcasting, satellite or cable, in both analog and digital form (Art. 171-octies, Law no. 633/1941)
Computer crimes and unlawful data processing (Art. 24-bis, Legislative Decree no. 231/2001) [article added by Law no. 48/2008; amended by Legislative Decrees no. 7 and 8/2016]
- Computer fraud by the electronic signature certifier (Art. 640-quinquies Italian Criminal Code)
- Unauthorized access to an IT or telematic system (Art. 615-ter Italian Criminal Code)
- Forgery in a public electronic document or one having evidentiary value (Art. 491-bis Italian Criminal Code)
- Unlawful possession and dissemination of access codes to IT or telematic systems (Art. 615-quater Italian Criminal Code)
- Dissemination of equipment, devices or computer programs aimed at damaging or interrupting an IT or telematic system (Art. 615-quinquies Italian Criminal Code)
- Unlawful interception, obstruction or interruption of IT or telematic communications (Art. 617-quater Italian Criminal Code)
- Installation of equipment intended to intercept, obstruct or interrupt IT or telematic communications (Art. 617-quinquies Italian Criminal Code)
- Damage to information, data and computer programs (Art. 635-bis Italian Criminal Code)
- Damage to information, data and computer programs used by the State or by another public entity or of public utility (Art. 635-ter Italian Criminal Code)
- Damage to IT or telematic systems (Art. 635-quater Italian Criminal Code)
- Damage to IT or telematic systems of public utility (Art. 635-quinquies Italian Criminal Code)

Macro-process: Management of corporate information systems

For transnational offenses (Special Section F)

Transnational offenses (Law no. 146/2006) [The following offenses constitute a basis for the administrative liability of entities if committed in a transnational manner]
- Provisions against illegal immigration (Art. 12, paragraphs 3, 3-bis, 3-ter and 5, of the consolidated act referred to in Legislative Decree of July 25, 1998, no. 286)
- Inducement not to make statements or to make false statements to the judicial authority (Art. 377-bis Italian Criminal Code)
- Aiding and abetting (Art. 378 Italian Criminal Code)
- Criminal association (Art. 416 Italian Criminal Code)
- Mafia-type criminal association (Art. 416-bis Italian Criminal Code)

Macro-process: Governance of the Organization – Human Resources management

For the offense of racism and xenophobia (Special Section G)

Art. 25-terdecies Legislative Decree no. 231/2001 introduced by Article 5 of the so-called “European Law 2017”

For the offense of inducement not to make statements or to make false statements to the judicial authority (Special Section H)

Inducement not to make statements or to make false statements to the judicial authority (Art. 25-decies, Legislative Decree no. 231/2001) [article added by Law no. 116/2009]
- Inducement not to make statements or to make false statements to the judicial authority (Art. 377-bis Italian Criminal Code)

Macro-process: Governance of the Organization – Human Resources management

For crimes against individual personality (Special Section I)

Art. 25-quinquies Crimes against individual personality
- Reduction to or maintenance in slavery or servitude (Art. 600 Italian Criminal Code)
- Child prostitution (Art. 600-bis Italian Criminal Code)
- Child pornography (Art. 600-ter Italian Criminal Code)
- Possession of pornographic material (Art. 600-quater Italian Criminal Code)
- Virtual pornography (Art. 600-quater.1 Italian Criminal Code)
- Tourist initiatives aimed at exploiting child prostitution (Art. 600-quinquies Italian Criminal Code)
- Trafficking in persons (Art. 601 Italian Criminal Code)
- Purchase and sale of slaves (Art. 602 Italian Criminal Code)
- Illegal intermediation and labor exploitation (Art. 603-bis Italian Criminal Code)
- Grooming of minors (Art. 609-undecies Italian Criminal Code)

For the offense of employing third-country nationals whose stay is irregular (Special Section J)

Employment of third-country nationals whose stay is irregular (Art. 25-duodecies, Legislative Decree no. 231/2001) [article added by Legislative Decree no. 109/2012]
- Employment of third-country nationals whose stay is irregular (Art. 22, paragraph 12-bis, Legislative Decree no. 286/1998)

Macro-process: Governance of the Organization – Human Resources management

For environmental crimes (Special Section K)

Environmental crimes (Art. 25-undecies, Legislative Decree no. 231/2001) [article added by Legislative Decree no. 121/2011, amended by Law no. 68/2015]
- Environmental pollution (Art. 452-bis Italian Criminal Code)
- Environmental disaster (Art. 452-quater Italian Criminal Code)
- Negligent crimes against the environment (Art. 452-quinquies Italian Criminal Code)
- Trafficking and abandonment of highly radioactive material (Art. 452-sexies Italian Criminal Code)
- Aggravating circumstances (Art. 452-octies Italian Criminal Code)
- Discharge of industrial wastewater containing hazardous substances; discharges into soil, subsoil and groundwater; discharge into sea waters by ships or aircraft (Legislative Decree no. 152/2006, Art. 137)
- Unauthorized waste management activities (Legislative Decree no. 152/2006, Art. 256)
- Pollution of soil, subsoil, surface water or groundwater (Legislative Decree no. 152/2006, Art. 257)
- Illegal waste trafficking (Legislative Decree no. 152/2006, Art. 259)
- Violation of obligations regarding communication, record-keeping and mandatory forms (Legislative Decree no. 152/2006, Art. 258)
- Organized activities for illegal waste trafficking (Legislative Decree no. 152/2006, Art. 260)
- False indications regarding the nature, composition and chemical-physical characteristics of waste in the preparation of a waste analysis certificate; insertion into SISTRI of a false waste analysis certificate; omission or fraudulent alteration of the paper copy of the SISTRI form – movement area in waste transport (Legislative Decree no. 152/2006, Art. 260-bis)
- Sanctions (Legislative Decree no. 152/2006, Art. 279)

Macro-process: Environmental compliance

For offenses of receiving stolen goods, money laundering and self-laundering (Special Section L)

Receiving stolen goods, money laundering and use of money, goods or benefits of illicit origin, as well as self-laundering (Art. 25-octies, Legislative Decree no. 231/2001) [article added by Legislative Decree no. 231/2007; amended by Law no. 186/2014]

Macro-process: Governance of the Organization – Procurement

Reporting of 231 offenses and violation of the Model – Whistleblowing (Special Section M)

Legislative Decree no. 231/2001 Art. 6 paragraph 2-bis, Art. 6 paragraph 2-ter, Art. 6 paragraph 2-quater

With regard to all types of offenses indicated in Legislative Decree no. 231/2001 and not mentioned in this MOG and in MDMOG01, it has been deemed that the specific activities carried out by the company do not present risk profiles such as to reasonably justify the possibility of their commission in the interest or to the benefit of the company.

In this regard, reference to the principles contained in the Code of Ethics is considered exhaustive, as they bind the Recipients of the Model to compliance with the values of solidarity, morality, respect for the law and fairness.

11 Supervisory Body

Pursuant to Art. 6, paragraph 1, letters a) and b) of Legislative Decree no. 231/2001 – any entity may be exempted from liability arising from the commission of offenses relevant under the decree if the governing body has, among other things:

Adopted and effectively implemented organizational, management and control models suitable for preventing the offenses considered.
Entrusted the task of supervising the functioning and compliance of the model and of ensuring its updating to a body of the entity endowed with autonomous powers of initiative and control.

In order to benefit from the exemption, it is necessary that the design and implementation of the Organizational Model be accompanied by the establishment of a corporate body entrusted with the task of supervising the implementation of the Model 231 and ensuring its updating.

The Organization has decided to establish a Supervisory Body (OdV) with regard to the functioning, effectiveness, adequacy and compliance with the organizational, management and control model, with the aim of preventing offenses from which the administrative liability of Intellitronika may arise, in application of the provisions of Legislative Decree no. 231/2001.

The Supervisory Body may be a collegial body, composed of at least three members (one of whom acts as Chairperson) appointed by the Board of Directors/Sole Director, or a monocratic body (i.e., composed of a single member).

The assignment of the role will subsequently be formally communicated at all levels of the organization, also through the illustration of the powers, duties and responsibilities of the Supervisory Body, as well as its hierarchical and organizational positioning and the purposes of its establishment.

Audit (inspection activities)

The Supervisory Body (OdV) plans internal audits to determine whether the Model 231:

Complies with the requirements of the reference framework adopted with the Model 231 and with the regulatory requirements set forth by Legislative Decree no. 231/2001 and related regulations.
Is effectively implemented and maintained.

An “Annual Program of Supervisory Body Audit Inspections” is prepared, which takes into account:

Processes, areas and activities to be verified;
Reasons for the inspection;
Objectives of the audit;
Competence and evaluation of auditors.

Prior to each audit, the Supervisory Body determines the composition of the Audit Group (AG) and identifies the person responsible (Head of AG).

In particular, auditors must meet the following minimum requirements:

Educational qualification:
- Secondary school diploma.
Knowledge:
- Legislative Decree no. 81/2008 and subsequent amendments and integrations, and safety organizational models (Art. 30 of Legislative Decree no. 81/2008), offenses related to workplace safety.
- Legislative Decree no. 152/2006 “Environmental Code”.
- Legislative Decree no. 231/2001: model requirements and predicate offenses.

Request for Improvement Actions

Following the audits carried out, if situations of risk of commission of predicate offenses emerge, the Supervisory Body must propose appropriate Improvement Actions to be included among the improvement actions set out in MDMOG-01 Model 231 Management.

Unscheduled audits

Audits may also be requested by the Supervisory Body on an unannounced basis, without prior scheduling, and with the direct participation of one of the members of the Supervisory Body.

Periodic meetings

Three times a year, the Supervisory Body (OdV) meets to carry out its functions, and minutes of the meeting are prepared. During these meetings, audits and inspections carried out, information flows, reports received, and the main strengths and/or critical issues identified are analyzed. The minutes of these meetings are confidential and are archived and retained by the Supervisory Body itself.

Annual reports to the Board of Directors and Board of Statutory Auditors

Twice a year, the Supervisory Body prepares reports on the effective maintenance of the Model 231 and on its updating, which are submitted to the Board of Directors.

Reports to the Supervisory Body

Employees, including managers, statutory auditors, and directors of the Company, are required to provide the Supervisory Body with all information concerning the commission or attempted commission of one of the offenses provided for by Legislative Decree no. 231/2001, or the violation or circumvention of the Organizational and Management Model and/or the Code of Ethics. Failure to comply with the reporting obligation is expressly sanctioned in the Model.

In the case of anonymous reports, the Supervisory Body first assesses their validity and relevance in relation to its duties.

The Supervisory Body evaluates the reports received, making use—depending on their nature—of the Company’s internal structures to carry out investigations into the reported facts; it may directly hear the reporting party or the individuals mentioned in the report; following the investigation, it adopts the appropriate decisions, providing reasons, by filing the report where appropriate or requesting the Company to proceed with disciplinary and sanctioning evaluations of what has been ascertained and/or to take appropriate actions on the Model.

Where the investigations carried out reveal situations of serious violations of the Model and/or the Code of Ethics, or where the Supervisory Body has reasonable grounds to suspect the commission of an offense, it promptly communicates the report and its assessments to the Board of Directors.

The authors of the reports are protected against any retaliation, discrimination, or penalization, and their identity is kept confidential, without prejudice to legal obligations and the protection of the rights of those who may be wrongly and/or maliciously accused.

To facilitate reporting as referred to in the first paragraph of this article, specific communication channels with the Supervisory Body are established. Contact with the Supervisory Body may take place by any means, either by sending a letter by mail or by email to the dedicated email address reserved for the Supervisory Body. The communication channels are made public by the Company through appropriate means to ensure awareness among those required to report. Reports are retained by the Supervisory Body.

The email address dedicated to reports to the Supervisory Body is: odv@intellitronika.com

Information flows to the Supervisory Body (OdV)

The following must be communicated to the Supervisory Body, by way of example only and not exhaustively:

Organizational structure:
- The system of delegation of powers and/or functions adopted by the Company, and any structural modifications made thereto.
Relations with the Public Administration:
- Any reports by the Board of Directors regarding anomalies and/or irregularities;
- In the event of inspections, assessments and/or disputes: transmission within 24 hours of copies of the relevant documents;
- Specific information on participation in projects financed with public funds;
- Reports on requests for information from supervisory authorities.
Finance and Treasury:
- Information on financial flows not related to specific contracts and/or ongoing commercial relationships;
- Relationships with banks, companies and/or foreign entities based in “black-list” countries.
Sales:
- Reports on expense reimbursements, financing to customers, directors, shareholders, managers, officers, employees or consultants that raise reasonable doubts as to their legality;
- Reports on royalties, bonuses, and allocations granted to external collaborators that raise reasonable doubts as to their legality.
Procurement:
- Reports and justification of any deviations exceeding 20% compared to prices obtained in the previous year or the lowest market prices;
Public Relations:
- Periodic reports on representation expenses, gifts and sponsorships carried out in deviation from the relevant corporate protocol;
Personnel:
- Reports on personnel, including external personnel, who have had previous experience within the Public Administration or have family or affinity relationships with employees/collaborators or individuals holding positions within the Public Administration;
- Reports on training programs on relevant topics (workplace safety, Legislative Decree 231, etc.);
Legal and Litigation:
- Reports on judicial or non-judicial settlements reached or not reached;
Management of IT/telematic systems:
- Reports on the security systems adopted and on the maintenance of their effectiveness;
- Reports on any breaches of such systems and any impact on sensitive data;
Workplace Safety:
- Accident reports;
- Reports on incidents and hazardous behaviors;
- Compliance audits by external consultants or internal personnel;
- System audits by certification bodies;
- Annual training plan;
- Annual improvement objectives;
- Changes to the safety organizational chart;
- Inspections by supervisory authorities.
Environment:
- Reports on environmentally hazardous behaviors;
- Compliance audits by external consultants;
- System audits by certification bodies;
- Annual environmental improvement objectives;
- Inspections by environmental control authorities.
Measures and/or information from Judicial Police authorities or any other authority indicating the conduct of investigations for offenses under Legislative Decree no. 231/2001, including against unknown persons, involving the Company or its Employees or members of corporate bodies (administrative and control bodies);
Information relating to facts that led to the initiation of disciplinary proceedings as well as, in the case of facts relevant under Legislative Decree no. 231/2001, their development and any sanctions imposed.

12 Document and records management

This chapter provides guidance on the management of documentation related to the organizational model manual, its annexes (Code of Ethics, Supervisory Body regulations, organizational structure and system of delegations and powers, disciplinary system), the special sections for the prevention of predicate offenses, and the management forms. These documents may be in different formats: paper-based or digital files in scanned PDF format of signed documents. Documents are managed in accordance with the rules set out in this chapter.

The general section of the Model 231 manual governs the methods and criteria by which the Model 231 is developed and the operational procedures for its functioning, with the aim of preventing the occurrence of predicate offenses governed by Legislative Decree no. 231/2001.

Annexes

The Code of Ethics is the document prepared and adopted by the Company to communicate to all stakeholders the principles, commitments and ethical responsibilities in conducting business to which the Company intends to adhere. The Code of Ethics must be complied with by all Company personnel and by all those who maintain contractual relationships with it. The Code of Ethics represents a general guidance tool for communicating all those ethical values that the Company recognizes as its own and with which it requires compliance from all its employees and from all those who cooperate in achieving the Company’s objectives, including suppliers and customers. The Code of Ethics also sets out behavioral principles suitable for preventing unlawful conduct referred to in Legislative Decree no. 231/2001; it is relevant for the purposes of Model 231 and therefore formally constitutes an integral annex to the Organizational Model.
The regulations of the Supervisory Body govern the operating procedures of the Supervisory Body, which, pursuant to Art. 6 of Legislative Decree no. 231/2001, is entrusted with supervisory functions and the updating of the Model 231.
The organizational structure and the system of delegation of powers of the Company represent the corporate organization through the issuance of delegations of functions and organizational provisions (service orders, job descriptions, internal organizational directives) by top management. The formalization of the adopted organizational structure is ensured by the Office Manager, who periodically updates the Company’s organizational chart and ensures its dissemination. All powers assigned through delegation correspond exactly to duties and responsibilities as outlined in the Company’s organizational chart.
The disciplinary system: Article 6, paragraph 2, letter e), and Article 7, paragraph 4, letter b), of Legislative Decree no. 231/2001 provide that Model 231 must introduce a disciplinary system suitable for sanctioning non-compliance with the measures set out in the Model. An effective disciplinary system for violations of the provisions contained in the Model is an essential condition to ensure the effectiveness of the Model itself. The application of disciplinary sanctions determined pursuant to the Decree is independent of the outcome of any criminal proceedings.

Special Sections

The special sections are documents that regulate and govern the conduct to be followed in order to prevent the commission of any of the predicate offenses provided for by Legislative Decree no. 231/2001. Each special section addresses a specific category of offenses (offenses against the Public Administration, occupational health and safety offenses, environmental offenses, corporate offenses) identified in the risk assessment. The special sections include the description of the predicate offenses to which the section refers, the description of sensitive processes and business areas, the corporate functions involved in such areas and processes, the analytical description of the offenses that may potentially occur in risk areas and processes, the prevention protocols, and the conduct to be followed by the Supervisory Body (OdV).

Models

MDMOG-01 Model 231 Management: programmatic document, managed by the Model 231 Manager, which defines the improvement actions to be carried out for the implementation of Model 231 aimed at preventing predicate offenses, the improvement actions aimed at updating Model 231, the priorities associated with the importance and urgency of the actions to be carried out, the company representative responsible for implementing the improvement action, and the timeframe within which such actions must be completed. This document is subject to the supervision of the Board of Directors, which approves it and defines its implementation methods.
MDMOG-02 Assessment of risk–predicate offenses 231: this document includes the listing of all individual predicate offenses, the description of the regulatory text, references to the articles of Legislative Decree no. 231/2001, the date of inclusion of the predicate offense in Legislative Decree no. 231/2001, references to the articles of law of the original sources, the primary risk factor, FRP evaluation, damage evaluation, detectability evaluation, activity frequency evaluation, information and participation evaluation, and risk evaluation.
MDMOG-03 Annual Audit Program of the Supervisory Body (OdV): the document describes the annual audit planning established by the Supervisory Body to assess the effective implementation and updating of Model 231; it includes the processes and activity areas to be verified, the audit team, the reasons for the audit, the audit objectives, and the months of the reference year in which the audits will be conducted.
MDMOG-04 Minutes of periodic meetings of the Supervisory Body (OdV): document that records the meeting activities of the Supervisory Body with other parties aimed at fulfilling its institutional duties.

The Models are standard documents that must be completed each time actions are carried out for the implementation, updating, and maintenance of the organizational model. When completed, the models include the date of drafting and the signature of the authors and, once recorded, ensure traceability of the organizational model over time for the activities carried out. In the management of the organizational model, additional models may be introduced to support traceability and prevention of predicate offenses in support of the various parts of the implemented organizational model.

The Model 231 general section, the annexes, and the special sections are documents subject to the following issuance procedures:

Drafting: preparation and design of the document usually carried out by the Model 231 Manager, possibly in collaboration with an external consultant.
Verification: verification of the document’s compliance with the corporate organization by the Legal Representative.
Approval: verification of the document’s compliance with the policy for the prevention of predicate offenses governed by Legislative Decree no. 231/2001 (which authorizes its dissemination), carried out by the Board of Directors/Sole Director.

The date of issuance of the documents coincides with the date of approval by the Board of Directors/Sole Director.

Change management

Any changes/updates must be clearly identified within the document by indicating which modifications have been made. The removal of any parts of the text must be indicated, where relevant, by striking through the deleted text. The modified document is identified by a date and a revision index.

Changes to the forms automatically result in their replacement.

Records

The recording of documents that are part of Model 231 represents a fundamental and central element in the traceability function that the model itself must perform. Organizing the management of Model 231 documents (general section, annex, special section in its revisions and updates, or a completed form describing an activity carried out in support of the model) allows the Entity to document and demonstrate its non-liability with regard to the occurrence of hypothetical unlawful acts connected with predicate offenses.

The Model 231 Manager is responsible for preparing and continuously updating the records of the documents that are part of or related to the organizational model. This includes the Model 231 manual, the annexes, the special sections with their revisions, and all completed and signed forms. The retention period of the records must be consistent with regulatory requirements and suitable for evidentiary purposes in legal proceedings aimed at excluding the administrative liability of the entity.

Records may also be managed through electronic folders containing scanned PDF files of signed documents, protected by IT security systems managed directly by the Model 231 Manager.

13 Audit management

The Model 231 Manager is responsible for monitoring and supervising the Model 231 internally. For this purpose, the Model 231 Manager manages internal audits on processes and business areas at risk of commission of predicate offenses provided for by Legislative Decree no. 231/2001. This chapter describes the criteria adopted for planning, conducting, and documenting internal inspection activities (audits).

Audits make it possible to obtain information in order to determine whether:

the corporate organization complies with the designed and implemented Model 231 (organizational changes);
Model 231 complies with Legislative Decree no. 231/2001 (introduction of new regulatory provisions);
Model 231 has been effectively implemented and maintained in its preventive protocols provided for in the special sections (effective maintenance).

Planning

The Supervisory Body plans the annual audit program relating to Model 231.

Internal audit activities may be carried out independently of the annual program prepared by the Supervisory Body, based on internal inspection and verification needs within the organization.

Identification of auditors

Internal audits are organized and conducted by the Model 231 Manager in accordance with the indications provided by the Supervisory Body and, when necessary, with specialized external technical and legal support.

Audit reports must be submitted to the attention of the Supervisory Body. All corporate functions subject to audit must provide maximum cooperation for the performance of audit activities.

14 Financial resource management

Article 6, paragraph 2, letter c) of the Decree requires the Company to establish specific procedures for managing financial resources suitable to prevent the commission of offenses. The criteria that Intellitronika intends to comply with in order to prevent the commission of any predicate offense in the management of financial resources are as follows:

all transactions equal to or exceeding EUR 5,000.00 must be carried out through the Company’s bank accounts;
periodic cash verification activities must be carried out;
the ADMINISTRATION & FINANCE function must define a specific formalized procedure for the opening, use, control, and closing of bank accounts;
the management body must define medium- and long-term financial needs.

With regard to invoice payments, the Company establishes that:

all invoices received must refer to the purchase order issued by the competent office or to the related delivery note, except for minor routine purchases;
such purchase order must be countersigned by the Head of Procurement;
invoices must be checked in terms of calculations and actual receipt of goods or services;
once the invoice has been received, payment shall not be made without the specific authorization of the ADMINISTRATION & FINANCE function as well as the requesting function;
all requests for financial funding must be adopted by resolution of the Board of Directors;
credit cards used by employees: they are either nominal or rechargeable.

In matters relating to occupational health and safety and environmental protection, the allocation of financial resources must be consistent with the distribution of responsibilities in these areas. Where Intellitronika has established annual spending budgets for occupational health and safety and environmental matters, procedures must be defined for requesting any additional financial resources.

It is mandatory to:

use only financial intermediaries registered in the relevant registers for transactions, including international ones;
carry out continuous monitoring of corporate financial flows.

Financial management requires, as a preliminary step, a segregation of duties:

delegations and powers of signature and expenditure must be appropriate to the position held and effective in relation to the activities to be carried out;
the powers and responsibilities of each individual performing operations must always be clearly defined, formalized, and communicated within the Company and externally where necessary;
there must be no identity between the person who makes or implements decisions regarding the use of financial resources, the person who records them in the accounts, and the person who performs control activities above the thresholds established for each authorized spender;
the ordinary use of financial resources must be justified by the requesting party, indicating at least the class or type of expense to which the transaction belongs;
each corporate operation and/or transaction must be authorized, consistent, documented, justified, recorded, and verifiable at any time;
the transfer, payment, and receipt of cash or bearer bank or postal passbooks or bearer securities in euro or foreign currency, carried out for any reason between different parties, is prohibited. Transfers may, however, be carried out through banks, electronic money institutions, and Poste Italiane S.p.A. The transfer of financial resources must be carried out through electronic transactions via credit institutions or Poste Italiane.

15 Training and information management

This chapter aims to provide criteria for planning training and information activities for the prevention of predicate offenses provided for by Legislative Decree no. 231/2001.

Information

To ensure the effectiveness of Model 231, the Company aims to guarantee its dissemination through the following methods:

a general information notice regarding the implemented Model 231, the reporting procedure to the Supervisory Body (OdV), and behaviors considered potentially in conflict with the contents of the Model, to be distributed to all employees.

New employees will be provided with specific information on the adopted Model 231 within their employment contract.

The information must be addressed to all Company personnel. In the case of foreign employees who do not understand the Italian language, the information must be provided through communication tools suitable for ensuring proper understanding of the subject matter.

To facilitate understanding of the contents of all documentation of the Organizational Model, publication of the documentation in Italian and English is authorized.

Information to external collaborators and partners

External parties (consultants, partners, suppliers, subcontractors, etc.) will be appropriately informed about the adoption of Model 231 through communication via the Company’s website, where they will be able to download the relevant information notice.

External collaborators who fail to comply with the provisions of Model 231 may face termination of their contractual relationship with the Company through specific contractual clauses.

Training

Each training event must be recorded and archived. Training activities must take into account the level of understanding of the Italian language by employees and, where necessary, appropriate tools must be used to ensure the effectiveness of the training.

Training and training updates must be planned in the document MDMOG-02 Model 231 Management at the time of the initial implementation of Model 231 and whenever audit and monitoring activities highlight the need for training for preventive purposes.

Training related to Model 231 must be specifically dedicated to senior management and subordinate personnel within the Company. Training programs, their duration, and their content must be approved by the Supervisory Body.

16 Annexes

Code of Ethics;
Regulations of the Supervisory Body;
Organizational structure and system of delegations and powers;
Disciplinary system.

17 Special sections

Special section A – offenses against the Public Administration and to the detriment of the State;
Special section B – corporate offenses;
Special section C – offenses related to workplace health and safety;
Special section D – offenses against industry and commerce;
Special section E – offenses related to cybercrime, unlawful data processing, and copyright infringement;
Special section F – transnational offenses;
Special section G – racism and xenophobia;
Special section H – offense of inducing a person not to make statements or to make false statements to the judicial authority;
Special section I – crimes against individual personality;
Special section J – offense of employing third-country nationals whose stay is irregular;
Special section K – environmental offenses;
Special section L – offenses of receiving stolen goods, money laundering, and self-laundering;
Special section M – reporting of offenses under Model 231 and violation of the model – whistleblowing.

18 Models

MDMOG-01 Model 231 Management;
MDMOG-02 Assessment of risk–predicate offenses 231;
MDMOG-03 Annual Audit Program of the Supervisory Body;
MDMOG-04 Minutes of periodic meetings of the Supervisory Body.

^[1] Conceived by W. Edwards Deming in Japan in the 1950s. At that time in Japan, product quality was ensured simply through testing phases. Inspections carried out after the process only made it possible to discard defective items and, within this logic, increasing quality would have meant increasing inspections and consequently costs. Waste and costs were not consistent with the concept of quality pursued by Japan. Japan relied on American experts, including W. Edwards Deming, to introduce tools aimed at ensuring a progressive improvement in quality. The Japanese subsequently reinvented Deming’s wheel and called it the PDCA Cycle, establishing a method to be applied to all phases and all situations. Today, the concept of continuously rotating Deming’s wheel to generate continuous improvement has been extended to all phases of management, and the four stages of the wheel correspond to specific activities.

Contents

1 Introduction
2 Reference legislation: Legislative Decree of June 8, 2001, no. 231
3 Terms and Definitions
4 Company Overview
- Description of the Company Headquarters
- Organizational Chart
5 Purpose
6 Scope of Application
7 Risk Assessment
8 Updating of the organizational model
9 Reference Models
- The Confindustria Guidelines provide for:
- The organizational model and systemic principles
10 Sensitive areas and processes
11 Supervisory Body
12 Document and records management
13 Audit management
- Planning
- Identification of auditors
14 Financial resource management
15 Training and information management
- Information
  - Information to external collaborators and partners
- Training
16 Annexes
17 Special sections
18 Models

Organization, Management and Control Model

Notice

1 Introduction

2 Reference legislation: Legislative Decree of June 8, 2001, no. 231

The administrative liability regime applicable to legal entities

2.1 Principle of legality

2.2 Conditions for the liability of the Entity

2.3 Offenses committed by individuals in senior positions

2.4 Offenses committed by individuals in “subordinate” positions

2.5 Types of offenses covered

2.6 Provisions of the Decree regarding the characteristics of the “Organization, Management and Control Model”

2.7 Offenses committed abroad

2.8 Attempt

2.9 Sanctions

3 Terms and Definitions

4 Company Overview

Description of the Company Headquarters

Organizational Chart

5 Purpose

Integration with other Management Systems

The Organization, Management and Control Model

Attachments

Special Parts

Forms

Functions

6 Scope of Application

7 Risk Assessment

7.1 Model 231 Manager

7.2 Objectives of Risk Assessment

7.3 Risk Assessment

First phase: General risk assessment

Second phase: Specific risk assessment

7.4 Improvement

8 Updating of the organizational model

9 Reference Models

The Confindustria Guidelines provide for:

The organizational model and systemic principles

10 Sensitive areas and processes

For corporate offenses (Special Section B)

For offenses relating to workplace safety (Special Section C)

For crimes against industry and commerce (Special Section D)

For offenses relating to cybercrime, unlawful data processing, and copyright infringement (Special Section E)

For transnational offenses (Special Section F)

For the offense of racism and xenophobia (Special Section G)

For the offense of inducement not to make statements or to make false statements to the judicial authority (Special Section H)

For crimes against individual personality (Special Section I)

For the offense of employing third-country nationals whose stay is irregular (Special Section J)

For environmental crimes (Special Section K)

For offenses of receiving stolen goods, money laundering and self-laundering (Special Section L)

Reporting of 231 offenses and violation of the Model – Whistleblowing (Special Section M)

11 Supervisory Body

Audit (inspection activities)

Request for Improvement Actions

Unscheduled audits

Periodic meetings

Annual reports to the Board of Directors and Board of Statutory Auditors

Reports to the Supervisory Body

Information flows to the Supervisory Body (OdV)

12 Document and records management

Annexes

Special Sections

Models

Change management

Records

13 Audit management

Planning

Identification of auditors

14 Financial resource management

15 Training and information management

Information

Information to external collaborators and partners

Training

16 Annexes

17 Special sections

18 Models

Preferences cookie

Preferences
cookie