CISA Spa is sensitive to the need to spread and consolidate a culture of transparency, integrity, legality and control, also in light of the values and principles upheld by Allegion plc.
Allegion prides itself on protecting people and businesses around the world, and to fulfil its mission effectively it also pays particular attention to protecting its brand, reputation and employees. The Ethics and Compliance Programme is structured to reinforce our commitment not only within our organisation, but also with our business partners and reference communities.
CISA, consistent with Allegion's guidelines and conduct recommendations, has adopted governance tools that guarantee the functioning of the organisation while safeguarding the needs for transparency of the management choices, crime prevention, efficiency and effectiveness of the internal control, regulation of potential conflicts of interest, and standards of conduct for the management of intercompany relations; these tools are set out and described in various documents that together represent the Compliance System (Articles of Association, Group Code of Conduct, Conduct Guidelines, Business Partner Code of Conduct, Organisation Charts, Policies and Procedures, Proxy and Power of Attorney Systems, etc.).
In order to ensure the effective prevention of the offences envisaged in Italian Legislative Decree No. 231 of 8 June 2001 (Provisions on the administrative liability of legal persons, companies and associations, including those without legal personality) CISA has adopted an Organisation, Management and Control Model (231 Model) pursuant to Article 8; the intended audience of the 231 Model are all those who perform roles for the representation, administration or management of the Company (Corporate Bodies, therefore the members of the Board of Directors and the Board of Statutory Auditors). The Model also applies to all the Company's employees/executives, who are required to comply - with the utmost correctness and diligence - with all the provisions and controls contained therein, as well as the relevant implementation procedures. The Model also applies, within the limits of the existing relationship, to those who, although not belonging to the Company, operate by mandate or on behalf of the same or are in any case linked to the Company by significant legal relationships and have business relations with CISA (Consultants and Business Partners, i.e. distributors, agents, suppliers, intermediaries, contractors, etc.).
CISA's 231 Model is made available on the company's website (231 Model) and is considered both a mandatory reference on ethics and compliance for all those who work with CISA and an integral part of the contracts entered into by the Company.
CISA Spa has adopted a system for managing whistleblowing, including anonymous whistleblowing, valid in Italy and abroad and consistent with the applicable regulations and Allegion plc policies.
In accordance with the provisions of Directive (EU) 2019/1937 and the implementing laws (in Italy, Italian Legislative Decree No. 24 dated 10 March 2023), the Organisation, Management and Control Model pursuant to Italian Legislative Decree No. 231/2001 and the internal guidelines, a System has been adopted and made available consisting of various channels, as set out below, which allows for the management of whistleblowing, including anonymous, made by the parties envisaged by the regulations. With the application of the System, the receipt, management, analysis and processing of whistleblowing reports received, including anonymously, and the response to the whistleblower are ensured within the time-frame and in accordance with the Allegion Whistleblowing Policy and addenda thereto.
Whichever channel is used, it is ensured that reports submitted by employees, former employees, job applicants, business partners, customers, suppliers, consultants, associates, partners and, more generally, all stakeholders, including shareholders and individuals with administrative, management, control, supervisory or representative functions, are handled.
Reports must relate to conduct in breach of the Code of Ethics, laws, regulations, internal rules, provisions of the Authorities, the 231 Model, and must be adequately substantiated, i.e. they must contain sufficient details to enable the reported facts to be ascertained (e.g.: elements enabling the identification of the persons involved, the context, place and time period of the reported facts and supporting documentation).
The system is not available for commercial complaints or disputes and requests related to personal interests.
The strictest confidentiality shall be guaranteed with regard to the parties and facts reported, as well as the identity of the whistleblowers, so that the whistleblower is not subject to any form of retaliation.
The reports can be sent by means of one of the following methods:
Without prejudice to the preferential use of the whistleblowing channels made available by Cisa, in the cases peremptorily indicated in Article 6 of Italian Legislative Decree No. 24/2023, reports may also be made to the competent national authority (ANAC).
Information and personal data disclosed in the context of whistleblowing reports are processed for the purpose of managing and following up the reports, as well as investigating any reported conduct and adopting the necessary measures in accordance with applicable laws, including data protection legislation. For greater information on the formalities and purposes of the processing of personal data, included in the reports and gathered during the procedure, please refer to the data processing disclosures as per the GDPR.