SECURITE DES INFORMATIONS (ISO 27001:2017)

Pirola Pennuto Zei & Associati a obtenu la certification ISO 27001:2014 concernant la Sécurité des Informations.

Le Standard ISO/IEC 27001: 2005 est une règlementation internationale qui définit les conditions requises pour installer et gérer un Système de Gestion de Sécurité des Informations (SGSI ou ISMS de l’anglais Information Security Management System), et inclut les aspects concernant la sécurité logique, physique et d’organisation. L’objectif principal est celui d’établir un système pour la gestion du risque et la protection des informations des informations et de l’actif ICT.

La Sécurité des Informations est très importante pour Studio Pirola Pennuto Zei & Associati. Tandis que l’information est un élément fondamental pour garantir des services de qualité supérieure, le patrimoine de Studio Pirola le plus important est la gestion attentive des systèmes d’information garantie aux Clients. Protéger les informations des Clients en les utilisant exclusivement sur la base de ce qu’ils ont demandé, est une priorité absolue pour tous ceux qui travaillent chez Pirola Pennuto Zei & Associati. Dans cette optique le cabinet a entrepris le projet qui a porté à obtenir la certification ISO 27001:2014.

SYSTÈMES DE GESTION POUR LA QUALITÉ (ISO 9001:2015)

Pirola Pennuto Zei & Associati a obtenu la certification ISO 9001:2015 concernant les systèmes de gestion pour la qualité.

Le Standard UNI CEI ISO/IEC 9001:2015 est une norme internationale qui établit les qualités requises pour organiser et gérer un Système de Gestion pour la Qualité. La norme précise quels sont les qualités requises d’un système de gestion pour la qualité pour une organisation qui soit en mesure de fournir avec régularité des services qui satisfassent aussi bien les exigences du client que les conditions contraignantes applicables et qui vise à augmenter la satisfaction du client en appliquant en manière efficace le système, y compris les processus pour l’amélioration du système en question.

INFORMATION SECURITY AND QUALITY POLICY

Client Satisfaction and Information Security are crucial to Pirola Pennuto Zei & Associati (also “the Firm”). This is why the Firm is committed to ensuring, through organizational efficiency, maximum Client satisfaction and Information Security. While information is fundamental to guarantee higher quality services, Clients are the Firm’s key assets. Protecting client information by using it solely according to their requests is a top priority for anyone cooperating with Pirola Pennuto Zei & Associati.

The Firm accordingly undertakes:

•       To protect, based on strict confidentiality, integrity and availability criteria, any information provided by clients;

•       To limit the collection and use of personal information to the minimum extent possible in order to provide quality services to its clients, including consultancy on new services and on all activities of the Firm in general.

•       To allow the use of personal information on clients solely to authorized employees/persons in charge of data processing, who have received adequate training on the proper management of information. Employees in breach of the confidentiality obligation would be subject to disciplinary measures.

•       Not to disclose personal client information to any organization outside the Firm, unless the user has agreed to the disclosure by signing understandable notices or has otherwise given his/her consent thereto. The foregoing is without prejudice to the Firm’s obligation to provide such information pursuant to the law or EC regulations and provisions.

•       To exercise constant control over the confidentiality of the information received from the user. Should Pirola Pennuto Zei & Associati, in the performance of its activity, bring clients into contact with other firms or entities which may forward them offers for services, Pirola Pennuto Zei & Associati shall be responsible for ensuring that such firms do not retain the client information, unless clients have given their consent and have expressly and formally shown their interest in the disclosure/notification thereof.

•       To maintain the utmost confidentiality on the data, documents and information which it will become acquainted with during its activity and strictly observe the prohibition to disclose to third parties the information or, on a general basis, the contents of the clients’ declarations; in particular, the Firm shall not make use, disclose or copy for third parties any (commercial, technical or other) documents or any other information, nor give, deliver or release such documents to others, without the written consent of the client;

•       To keep the data and/or information which it will become acquainted with in the management of the client information strictly confidential, also vis-à-vis its employees and partners.

•       To ask any organizations engaged by Pirola Pennuto Zei & Associati to provide support services, comply with the Firm’s Information Security standards, and allow the Firm to monitor their compliance therewith.

•       Not to use or disclose – either within or outside the Firm – in any manner, personal and sensitive information, which could make it possible to identify clients and the information provided to the Firm in the performance of the service requested by the client. If such information is essential for providing other services, it may be used solely with the clients’ prior written consent, which may be given at the time of the provision of such information or thereafter and, if required by the law, solely with the prior authorization of the competent authorities in the territories where it carries on its activities.

•       To take the necessary actions to ensure that the information included in the client files is correct, complete and updated. To notify clients on how and where they can access their information (unless prohibited by law) and on how to notify the Firm of any errors which the Firm shall correct without delay.

•       To constantly carry out controls on the work performed by the persons in charge of data processing with the aim of ensuring Information Security and managing activities in compliance with the commitment to protect the confidentiality of clients in all processes in which it operates.

•       To promote a culture based on the following Principles and Values:

–         Compliance with the law;

–         Ethical conduct (loyalty, transparency, integrity and honesty);

–         Accountability;

–         Respect for the stakeholders’ interests;

–         Non-discrimination,

by adopting a Code of Professional Conduct, circulating it among all persons carrying out activities within the Firm Pirola Pennuto Zei & Associati and monitoring its observance.

•       To pursue the continued improvement of performance by setting higher and higher objectives and goals, in the quest for excellence;

•       To increase client satisfaction by translating their needs and expectations into process requirements;

•       To check the quality of service through process measurement and monitoring activities;

•       To improve internal effectiveness and efficiency;

•       To foster the growth, motivation and involvement of human resources to raise awareness and accountability among them by encouraging their participation in strategic and organisational choices;

•       To provide information and training to its staff, to enable them to work safely;

•       To plan activities according to quality standards.