INFORMATION SECURITY MANAGEMENT SYSTEM (ISO/IEC 27001:2017)
Pirola Pennuto Zei & Associati has received the ISO 27001:2017 Information Security certification.
ISO/IEC 27001:2017 is an international standard that defines the requirements for establishing and implementing an Information Security Management System (ISMS), and covers issues which relate to logical, physical and organizational security. The key objective is to set up a system for the management of risks and the protection of information and ICT assets.
Information security is of the essence for Studio Pirola Pennuto Zei & Associati. Availability of information is a crucial element in order to ensure higher standard services and the Firm’s main asset is the careful management of IT systems that is guaranteed for Clients. Keeping client information secure and using it only as clients expressly ask us to is a top priority for all of us at Pirola Pennuto Zei & Associati. With this in mind, the firm embarked on the project which led to the successful completion of the ISO 27001:2017 certification process.
QUALITY MANAGEMENT SYSTEMS CERTIFICATION (ISO 9001:2015)
Pirola Pennuto Zei & Associati has received the ISO 9001:2015 Quality Management Systems certification.
ISO 9001:2015 is an international standard setting the requirements for establishing and maintaining a Quality Management System for organizations capable of regularly providing services which meet both client requirements and the applicable mandatory requirements, and seeking to improve client satisfaction through an effective implementation of the quality management system (including the system enhancement processes).
INFORMATION SECURITY AND QUALITY POLICY
Client Satisfaction and Information Security are crucial to Pirola Pennuto Zei & Associati (also “the Firm”). This is why the Firm is committed to ensuring, through organizational efficiency, maximum Client satisfaction and Information Security. While information is fundamental to guarantee higher quality services, Clients are the Firm’s key assets. Protecting client information by using it solely according to their requests is a top priority for anyone cooperating with Pirola Pennuto Zei & Associati.
The Firm accordingly undertakes:
- To protect, based on strict confidentiality, integrity and availability criteria, any information provided by clients;
- To limit the collection and use of personal information to the minimum extent possible in order to provide quality services to its clients, including consultancy on new services and on all activities of the Firm in general.
- To allow the use of personal information on clients solely to authorized employees/persons in charge of data processing, who have received adequate training on the proper management of information. Employees in breach of the confidentiality obligation would be subject to disciplinary measures.
- Not to disclose personal client information to any organization outside the Firm, unless the user has agreed to the disclosure by signing understandable notices or has otherwise given his/her consent thereto. The foregoing is without prejudice to the Firm’s obligation to provide such information pursuant to the law or EC regulations and provisions.
- To exercise constant control over the confidentiality of the information received from the user. Should Pirola Pennuto Zei & Associati, in the performance of its activity, bring clients into contact with other firms or entities which may forward them offers for services, Pirola Pennuto Zei & Associati shall be responsible for ensuring that such firms do not retain the client information, unless clients have given their consent and have expressly and formally shown their interest in the disclosure/notification thereof.
- To maintain the utmost confidentiality on the data, documents and information which it will become acquainted with during its activity and strictly observe the prohibition to disclose to third parties the information or, on a general basis, the contents of the clients’ declarations; in particular, the Firm shall not make use, disclose or copy for third parties any (commercial, technical or other) documents or any other information, nor give, deliver or release such documents to others, without the written consent of the client;
- To keep the data and/or information which it will become acquainted with in the management of the client information strictly confidential, also vis-à-vis its employees and partners.
- To ask any organizations engaged by Pirola Pennuto Zei & Associati to provide support services to comply with the Firm’s Information Security standards and to allow the Firm to monitor their compliance therewith.
- Not to use or disclose – either within or outside the Firm – in any manner, personal and sensitive information, which could make it possible to identify clients and the information provided to the Firm in the performance of the service requested by the client. If such information is essential for providing other services, it may be used solely with the clients’ prior written consent, which may be given at the time of the provision of such information or thereafter and, if required by the law, solely with the prior authorization of the competent authorities in the territories where it carries on its activities.
- To take the necessary actions to ensure that the information included in the client files is correct, complete and updated. To notify clients on how and where they can access their information (unless prohibited by law) and on how to notify the Firm of any errors which the Firm shall correct without delay.
- To constantly carry out controls on the work performed by the persons in charge of data processing with the aim of ensuring Information Security and managing activities in compliance with the commitment to protect the confidentiality of clients in all processes in which it operates.
- To promote a culture based on the following Principles and Values:
  - Compliance with the law;
  - Ethical conduct (loyalty, transparency, integrity and honesty);
  - Respect for the stakeholders’ interests;

  by adopting a Code of Professional Conduct, circulating it among all persons carrying out activities within the Firm Pirola Pennuto Zei & Associati and monitoring its observance.
- To pursue the continued improvement of performance by setting higher and higher objectives and goals, in the quest for excellence;
- To increase client satisfaction by translating their needs and expectations into process requirements;
- To check the quality of service through process measurement and monitoring activities;
- To improve internal effectiveness and efficiency;
- To foster the growth, motivation and involvement of human resources to raise awareness and accountability among them by encouraging their participation in strategic and organisational choices;
- To provide information and training to its staff, to enable them to work safely;
- To plan activities according to quality standards.