Management Systems

In order to guarentee compliance with legislation and at the same time monitor and control the risks, the system is divided into a network of protected areas (resources, technologies, instruments and competencies), partially interconnected according to the objectives/risks to be monitored and designed to ensure the achievement of control objectives.

Diagram of the Enterprise Risk Management System of Acea Spa

Antitrust Compliance

The trend in the competition situation on the markets where the Acea Group operates requires growing attention to the matter of compliance with antitrust law and the regulations concerning consumer protection.

Acea believes that competition and consumer protection is a core value for company business activities and pursues its objectives in obersvance of the rules regulating the market. Consistent with the principles set out in the Code of Ethics, the Group specifically abstains from anticompetitive, exploitive and abusive practices and, more generally, from any conduct that might impede the correct functioning of market mechanisms and imply detriment to consumers.

In order to safeguard these values, Acea has adopted an extensive Antitrust Compliance Programme, within the scope of which it has defined organisational policies, rules, measures and control units intended to ensure the compliance of its actions with competition and consumer protection legislation and promote the development of a business culture oriented towards respect for principles of fair competition and correctness vis-à-vis competitors and consumers.

In this connection, on 13 December 2018 the Acea Spa Board of Directors approved:

  • the "Manual of Compliance with Antitrust and Consumer Protection Legislation, setting out the main points of the legislation and providing a series of behavioural rules, with which all Acea staff are obliged to comply when carrying out their work;
  • the "Organisational Regulation on Antitrust Compliance and Unlawful Commercial Practices" which defines the corporate organisation for the purpose of effectively implementing the Compliance Programme.

The Compliance Programme, implemented in every Group company under the responsibility of the Company Antitrust Liaison Officer, provides for a series of activities, including:

  • mapping and identification of the areas of activity, structures and corporate processes potentially exposed to Antitrust risks
  • risk identification and assessment
  • definition of the process management systems at greatest antitrust risk
  • staff training and refresher sessions
  • constant monitoring and periodic updating of the programme.

In 2021, a project was launched to review and update the compliance programme, aimed at further enhancing the internal control system with regard to Antitrust and Consumer Protection and improving the compliance strategies according to the standards applied at European level, in line with the “Antitrust Compliance Guidelines” issued by the AGCM (Italian competition authority) and with national and European best practices and case law.

Each Company’s Antitrust Contact Person receives specific training and support from the Holding Company Contact Person.

Privacy Governance Model

The Group has adopted a Privacy Governance Model, in accordance with the indications set forth by Regulation (EU) 2016/679 on data protection (GDPR), which constitutes the organisational and control framework wherein both roles and responsibilities and the methods for implementation of the basic principles of Privacy discipline are identified, with a preventive risk-based approach supported by constant monitoring and periodic reviews.

In 2021, this Model – after conclusion of the phase of implementation at the subsidiaries – was reviewed based on the application findings that emerged during the previous two years and enhanced with appropriate methodological tools in order to strengthen its application effectiveness (Control Framework).

The year 2021, still characterised by a high level of commitment in managing the Covid-19 pandemic, saw Acea engaged in initiatives with high privacy impact, including the activation of the company’s vaccination HUB, which involved the introduction of specific procedures able of ensure the safe and compliant handling of data (vaccination status, management of absences/replacements, etc.).

Moreover, a programme was initiated for a risk analysis of all treatments included in the Parent Company’s register, in order to allow the associated risk to be constantly and promptly updated. Regarding the treatments considered potentially high risk, according to the case studies, specific analyses are carried out such as DPIA (Data Protection Impact Assessment), LIA (Legitimate Interest Assessment) and TIA (Transfer Impact Assessment). In the event of outsourced activities specific contractual tools are used to regulate the handling of personal information and a constant monitoring of procurement operations is guaranteed.

During the year, the necessary activities were also carried out to implement the Italian supervisory authority’s “Guidelines on the use of cookies and other tracking technologies”, via the adoption of a dedicated tool for the management of cookies on the Group’s various websites.

Lastly, communication initiatives and training sessions were arranged on the privacy impacts of individual processes, as well as an online Workshop dedicated to Digital Marketing and Telemarketing issues, with the participation of industry experts, members of the Authority and Business Associations.

The Data Protection Officer (DPO) at Group level is supported by an ad hoc structure (DPO Office), contactable at the following address: privacy@aceaspa.it. Some "privacy control units" have also been identified to act as internal reference and liaison points with the DPO Office.

Management systems

For the sustainability of its operations, Acea acknowledges the following core values:

  • the promotion of a quality culture
  • respect for the environment and safeguarding of ecosystems
  • the valorisation of people
  • safety in the workplace
  • corruption prevention
  • infection control and prevention
  • efficient resource management
  • risk assessment
  • responsible management of its economic, social and environmental impacts
  • dialogue with the parties involved
  • promotion of sustainability in the value chain.

The Integrated Certification Systems Unit within the Parent’s Risk & Compliance Function defines the methods and standards of reference for the implementation of QASE (Quality, Environment, Safety and Energy) certified management systems, as well as for further certifications, accreditations and certifications of interest to the Group, and operates in synergy with the operating companies’ counterpart Units.

Acea Group has implemented the following policies, which set out the company’s principles and commitments: 

  • a Management Systems and Sustainability Policy, which sets out the principles, values and commitments undertaken by the company, including them as part of the framework for the pursuance of sustainable development. This policy is an integral part of the Management Systems compliant with ISO 9001, ISO 14001, ISO 45001 and ISO 50001 standards;
  • an Infection Control and Prevention Policy, following the decision to obtain certification for the infection prevention management system (Biosafety Trust Certification);
  • an Anti-corruption Policy in line with the Group’s Code of Ethics, outlining the values, criteria, and modalities we are intended to adopt in order to make the system operational and responsible for the compliance to the prevention and management of corruption risk.

The Acea Group is also committed to continuously updating its Management Systems and – for this reason – it constantly tracks and analyses the changes in the internal and external context, and the stakeholders’ expectations as well.

Management of quality, environment, safety and energy are central aspects of our corporate policies, as shown by the number of Group companies that have implemented certified integrated management systems.

Certified Management Systems within Acea Group (as at 31/12/2021)

  QUALITY
(ISO9001)
ENVIRONMENT
(ISO14001)
SAFETY
(ISO45001)
ENERGY
(ISO50001)
OTHER
Acea  X   
X X
X Biosafety Trust certification
WATER          
Acea Ato 2  X X X X  
Acea Ato 5 
X
X X
X  
Gesesa  X X X X  
Acea Molise X X X    
Gori X X X    
GRID          
Areti X X X X  
GENERATION          
Acea Produzione    X X    
Ecogena X   X X UNI 11352
COMMERCIAL          
Acea Energia X X X   Biosafety Trust certification
ENVIRONMENT          
Acea Ambiente 
X X X X EMAS
Aquaser X  X  X   ISO 39001
Acque Industriali  X X X X EMAS
Iseco X X X   ISO 22000
Deco X X X   EMAS
Demap X X X    
Berg X X X   EMAS
Ferrocart X X      
Cavallari X X X    
Ecologica Sangro X X X    
ENGIREERING AREA          
Acea Elabori X X X   UNI 17025
UNI 17020
Biosafety Trust certification
Simam X X X    
TWS X X X    

Highlights

Discover the latest news and initiatives of the Acea Group