Security and GDPR: compliance is an opportunity
Oplium Italia, the Spindox unit that oversees Digital Risk Management, does not deal only with cyber security. Compliance, meaning the alignment of the company's business with the regulations of its sector, is often seen as a problem that complicates operations. Viewed strategically, however, compliance becomes a source of competitive advantage and a fundamental tool for protecting the value of the company.
This is especially true in IT security and privacy, where change is particularly rapid on three fronts: the regulatory scenario (just think of the GDPR), external threats and the technological context.
It is the paradox of digital transformation.
On the one hand, the digital paradigm is by definition founded on the relevance, abundance and exchange of data. On the other hand, data minimisation, collecting and keeping only the data actually needed for a stated purpose, is one of the GDPR's mantras. What is the solution?
Data protection starts upstream, in the processes themselves, which are first conceived, then designed and finally implemented. Oplium accompanies customers through a multi-step process:
- Mapping of the regulatory requirements and of the industry standards taken as references
- Risk impact assessment, taking into account the technological, organizational and cultural context of the company
- Implementation of controls and oversight procedures
- Harmonization with the other corporate control functions (Risk Management, Internal Audit, Quality)
- Training on IT security and privacy protection
The standards we cover
Thanks to highly experienced professionals holding the relevant certifications, Oplium is able to accompany its customers through the compliance process in the following areas:
- ISO 27001 Information Security Management: the most widely recognized international standard for an information security management system (ISMS). It is built on a structured risk management process and covers people, processes and IT systems.
- ISO 22301 Business Continuity Management: the international reference standard for business continuity management.
- NIST Cybersecurity Framework: a voluntary framework developed by the US government (NIST) together with industry, aimed at managing and reducing cybersecurity risk.
- ITIL Security Management: aligned with ISO 27001, it defines security requirements in terms of SLAs (service level agreements) within the classic ITIL service management model.
- COBIT 5: ISACA's IT governance and management framework, which provides a reference grid for IT security management based on measurable objectives and balanced scorecards.
- Privacy and sector regulations: GDPR, Bank of Italy Circulars 263 and 285, the DPCM of 17 February 2017 on cyber protection and national cyber security, etc.