Our integrated risk management model is based on the highest international standards, such as the COSO (Committee of Sponsoring Organizations) framework. This allows us to systematically identify, analyse, and mitigate strategic, operational, and external risks, ensuring business continuity and the achievement of the objectives of the Strategic Plan.

A key element of our governance is our focus on climate risks. In line with the recommendations of the Task Force on Climate-related Financial Disclosures (TCFD), we have integrated climate change risk analysis into our Enterprise Risk Management (ERM) model. This allows us to assess the resilience of our strategy and take the most effective adaptation measures to protect our assets and ensure safe and continuous energy production.

Our corporate culture is based on principles of integrity, loyalty, and transparency, formalized in the Group's Code of Ethics and Conduct. This document is our reference point for conducting business and corporate activities and applies to all employees, directors, collaborators, and suppliers. We promote a work environment that respects the dignity and rights of every person, rejecting all forms of discrimination and corruption.

To ensure compliance with the law, the CVA Group and its main subsidiaries have adopted an Organization, Management, and Control Model pursuant to Legislative Decree 231/2001. This tool, together with a whistleblowing system, allows us to prevent crimes and ensure maximum fairness in our operations. An independent Supervisory Board constantly monitors the effectiveness and application of the Model, ensuring that our procedures are always in line with current regulations and the highest ethical standards.

In an increasingly digitalized world, information security is a priority. To mitigate cyber risks and protect our critical infrastructure, we have implemented a robust Information Security Management System, obtaining ISO/IEC 27001 and ISO/IEC 27701 (Privacy Management) certifications for CVA and CVA Energie. These international standards, together with a multi-level approach to cybersecurity, strengthen the resilience of our systems and ensure business continuity.

Maintaining process quality, protecting the environment, ensuring the health and safety of workers, and effectively managing assets are fundamental elements for us. For this reason, we have adopted an Integrated Quality, Safety, and Environment Management System, certified in accordance with ISO 9001, ISO 45001, and ISO 14001 standards.