INFORMATION SECURITY MANAGEMENT SYSTEM (ISO/IEC 27001:2017)
Pirola Pennuto Zei & Associati has received the ISO 27001:2017 Information Security certification.
ISO/IEC 27001:2017 is an international standard that defines the requirements for establishing, implementing and maintaining an Information Security Management System (ISMS), covering logical, physical and organizational security. Its key objective is a systematic approach to managing risk and protecting information and ICT assets.
Information security is of the essence for Studio Pirola Pennuto Zei & Associati. Availability of information is crucial to delivering a higher standard of service, and the careful management of IT systems that the Firm guarantees to Clients is one of its main assets. Keeping client information secure and using it only as clients expressly ask us to is a top priority for all of us at Pirola Pennuto Zei & Associati. With this in mind, the Firm embarked on the project that led to the successful completion of the ISO 27001:2017 certification process.
QUALITY MANAGEMENT SYSTEMS CERTIFICATION (ISO 9001:2015)
Pirola Pennuto Zei & Associati has received the ISO 9001:2015 Quality Management Systems certification.
ISO 9001:2015 is an international standard that sets the requirements for establishing and maintaining a Quality Management System in organizations that aim to consistently provide services meeting both client requirements and the applicable mandatory requirements, and to improve client satisfaction through effective implementation of the quality management system, including its improvement processes.
INFORMATION SECURITY, DATA PROTECTION AND QUALITY ASSURANCE POLICY
Client Satisfaction and Information and Personal Data Security are crucial to Pirola Pennuto Zei & Associati (hereinafter "the Firm"). This is why the Firm is committed to ensuring, through organizational efficiency, maximum Client satisfaction and Information Security. While information is fundamental to guaranteeing higher quality services, Clients are the Firm's key assets. Protecting Client information, including personal data, by using it solely as they request is a top priority for anyone working at Pirola Pennuto Zei & Associati.
The Firm accordingly undertakes:
- To protect any information provided by clients, based on strict security and confidentiality standards;
- To limit the collection and use of personal information to the minimum necessary to provide quality services to its clients, including consultancy on new services and on all activities of the Firm in general;
- To allow access to our clients’ personal information solely to authorized employees/persons, who have received adequate training on the proper management of such information. Employees in breach of the confidentiality obligation will be subject to disciplinary measures;
- Not to disclose personal client information to any organization outside Pirola Pennuto Zei & Associati, unless the client has agreed to the disclosure by signing clear notices or has otherwise given his/her consent thereto. The foregoing is without prejudice to the Firm's obligation to provide such information pursuant to the law or EC regulations and provisions;
- To constantly monitor the confidentiality of the information received from clients. Should Pirola Pennuto Zei & Associati, in the course of its activity, put clients in contact with other firms or entities that may send them offers of services, Pirola Pennuto Zei & Associati shall be responsible for ensuring that such firms do not retain the clients' information, unless the clients have given their consent and have expressly and formally indicated their interest in receiving such disclosures/notifications;
- To maintain the utmost confidentiality over the data, documents and information it becomes acquainted with in the course of its activity, and to strictly observe the prohibition on disclosing to third parties the information provided by clients or, in general, the contents of clients' declarations; in particular, the Firm shall not use, disclose or copy for third parties any (commercial, technical or other) documents or any other information, nor give, deliver or release such documents to others, without the client's written consent;
- To keep strictly confidential, also vis-à-vis its own employees and partners, any data and/or information it becomes aware of while managing client information;
- To require any organizations engaged by Pirola Pennuto Zei & Associati to provide support services to comply with the Firm's Information Security standards, and to allow the Firm to monitor their compliance;
- Not to use or disclose, either within or outside the Firm and in any manner, personal and sensitive information that could make it possible to identify our clients or the information they provided to the Firm in the course of the service requested. If such information is essential for providing other services, it may be used solely with the client's prior written consent, which may be given when the information is provided or thereafter, and, where required by law, solely with the prior authorization of the competent authorities in the territories where the Firm carries on its activities;
- To make its best endeavors to ensure that the information in our client files is correct, complete and up to date. We will inform our clients of how and where they can access their information (unless prohibited by law) and of how to notify the Firm of any errors, which the Firm shall correct without delay;
- To constantly check the work of the Firm's staff in charge of data processing in order to ensure the security of information, and to manage its activities so as to honor the commitment to protect client confidentiality in all processes in which it operates.
Furthermore, the Firm, in its capacity as Controller and Processor of personal data, with particular regard to client personal data, undertakes to adopt the following measures:
- Including among its internal policies a formal commitment to comply with the domestic and international data protection legislation in force, in line with the accountability principle;
- Identifying contact persons in charge of privacy issues;
- Classifying the categories of personal data processed within Studio Pirola;
- Providing for the retention of system logs, protecting them from unauthorized access;
- Implementing measures so that the development of new processes/services takes personal data protection into account;
- Including the management of data breaches among incident management activities.
These policies will also be used to facilitate agreements with commercial partners where personal data processing is significant to both parties, and to promote relations with other stakeholders.
Finally, Studio Pirola undertakes to pursue the continual improvement of its performance by setting progressively more demanding objectives and goals:
- To increase client satisfaction by translating their needs and expectations into process requirements;
- To check the quality of service through process measurement and monitoring activities;
- To improve internal effectiveness and efficiency;
- To foster the growth, motivation and involvement of its people, raising their awareness and accountability by encouraging their participation in strategic and organizational choices;
- To provide information and training to its staff, to enable them to work safely;
- To plan activities according to quality standards.
Updated 17 September 2021
PERSONAL DATA SECURITY (ISO/IEC 27701:2019)
ISO/IEC 27701:2019 is an extension of ISO/IEC 27001 focused on privacy. Its goal is to extend an existing information security management system with additional requirements in order to establish, implement, maintain and continually improve a Privacy Information Management System (PIMS) for the processing of personal data.