Ensure data confidentiality, integrity and availability

We prepare and assist the client in achieving a system that guarantees the confidentiality, integrity and availability of data at economically acceptable levels and without critical impacts for the company. Based on the directives of the ISO 27001 standard, we select the controls in an orderly manner and design the organizational solution that best fits the client, taking into account its needs, priorities and resources. By applying an information security management system, the company immediately obtains the maximum return, both in improving the efficiency of existing technology and in giving investments in the security field a priority position.

ANALYSIS

In this phase we acquire information on the structure of the information system, the number and tasks of the employees, the type of data processed, and the procedures that govern the processing of data.

ISMS SET-UP

The ISMS set-up phase is strategic in nature: it defines the aims and objectives and provides clear operational guidelines for identifying, developing, managing and controlling the security measures to be adopted.

ISMS IMPLEMENTATION

The Implementation phase of the ISMS aims to design, implement and maintain security measures efficiently, through formalized procedures and specific work instructions.

ISMS VERIFICATION AND CONTROL

The ISMS verification and control phase has the task of preparing the control procedures for the organizational structure and the security measures adopted.

Consultancy to obtain ISO 27001:2013 Certification

Secure Group assists companies in the certification phases of the Information Security Management System and guarantees its maintenance phases. It does so thanks to expertise recognized by the certification bodies themselves, which have required the consultancy of Secure Group, as authorized consultants for ISO 27001:2013 certification, to identify the standards of the certification process.

Consultancy for fulfilments provided by the law on Privacy

Secure Group enables the company to adapt concretely to the Italian legislation on cyber security, in a short time and taking into account the specific situation of the client. This objective is achieved through a preliminary study and analysis and the production of the necessary documents, and ends with training for the company staff. The impact of the activity on the existing company organization is reduced to the minimum necessary, as is the commitment of the company managers.

Consultancy for the definition and verification of the contractual rules in relation to security

Contracts with third parties in general (suppliers, commercial partners, clients, outsourced service providers and so on) must contain clear and precise points aimed at defending the integrity, availability and confidentiality of the corporate information assets which, for commercial reasons, are shared with outsiders. A review of existing contracts and the setting of the clauses relating to responsibility, obligations and quality of service in accordance with the client's management policies is essential to ensure that the relationship with third parties is managed with the necessary degree of security.

Organizational consultancy for the preparation and implementation of the business-continuity plan

The Business Continuity and Disaster Recovery plans are of fundamental importance in every company; Secure Group provides all the support for the planning, organization and verification of the company's emergency plans so that they are concrete, effective and cost-effective. An organizational examination at the management level makes it possible to set up an activity plan that quickly reaches the objectives of assigning responsibilities and drafting the work program and operating procedures based on real business needs.

Preparation of rules of conduct for the staff in relation to corporate security and sensitive data processing

Clear and precise regulation becomes all the more necessary with the increase in services provided to computer users; in this regard, Secure Group selects from the extensive ISO 27001 controls the parts that help the user and the company to maintain the confidentiality of information. Existing technology as well as non-IT infrastructures can be regulated with minimal organizational effort, solving without any expense everyday problems that are often left to the individual.

Corporate check-up on policies (general or specific by service) adopted and related level of diffusion and application

Often the policies, procedures and documentation created by the company to define and regulate operations in the various sectors and company levels are the result of an effort that was not followed by the originally foreseen diffusion and application. Secure Group is able to examine these documents, verify their actual diffusion and application, and prepare a plan for them to be known and made operational by all the staff concerned, in compliance with corporate needs.

Organizational check-up to verify business-continuity effectiveness

To be useful to the company, the Business Continuity and Disaster Recovery plans must be verified periodically, both in terms of content and in their practical implementation, without impacting normal corporate activities. Secure Group guides the client in drafting a verification checklist to determine the degree of preparation of the company against a given event, taking into consideration not only the machines and facilities but also the logistics and staff organization, with particular attention to the sectors that are crucial for the company.

Software license compliance check-up

Software license management is an activity that must be carried out precisely in order to demonstrate, if needed, compliance with the copyright protection law. An orderly approach to this problem is difficult, especially in companies where the hardware is numerous or is reassigned at a pace that cannot be kept under control. Secure Group is able to set a methodology that takes into due consideration the needs of the company and the legal obligations.

Corporate Risk Assessment

Secure Group is able to perform the risk assessment of corporate information assets, providing an organizational and technological overview of the risks associated with the corporate information system. Thanks to the contribution of specialists in the sector who use specific tools, Secure Group provides a precise asset catalogue with each asset's relative degree of importance, a list of the threats to which the company is exposed, the vulnerabilities it has, and guidelines useful for starting the right actions to reduce risks.

Staff training on corporate rules of conduct and ethics in relation to information security

The dissemination of knowledge applied to corporate policies is the foundation of information security. By directly involving all the staff in training courses on the basic principles of Information Security, the company is able to make each employee grow, making them responsible for what is within their competency, in a way that differs according to their position in the company. Training is necessary to complete the adaptation to the Privacy law. Secure Group holds training courses aimed at a specific topic or at information security in its more general aspects.