The data and information managed by the A2A Group represent strategic elements that may be targeted by cyber-attacks and accidents caused by the many vulnerabilities present in IT networks. Eventualities of this type can undermine the resilience of the company, compromising the services offered to its customers as well as its own reputation.
It is therefore imperative that these threats are promptly intercepted and effectively managed.
Specifically, it guarantees the data protection and cyber resilience of business services and digital infrastructures by implementing the Information Security Management System (ISMS). The “Cyber Defence” function provides, evolves and consolidates next-generation Digital Security services capable of fully protecting our company’s business on its path towards continuous innovation, guaranteeing continuous alignment with the Board.
The “Cyber Defence” structure includes a highly specialised unit called IRIS: Intelligent Resilience Information Security Services. The unit is made up of IT security experts tasked with defending and responding to attacks against information, IT infrastructures and digital business services.
IRIS offers the following IT security services:
Protects the company against digital criminals, operates 24/7 and monitors security threats to both the ICT and industrial infrastructure in real time, reducing the exposure and impact of attacks on A2A’s digital and industrial services, applications and assets.
Integrates digital and security technologies, ensuring that the best security strategy and the effectiveness of controls are maintained over time according to the latest “threat models”.
Assesses the level of resilience of the company and its services through a Security Lab, a team of white hat (or ethical) hackers and specialists, in order to define the most critical current risk scenarios and study future threat trends.
Provides intelligence capabilities through proactive research and analysis of public and non-public external sources. Supports strategic security decisions and Cyber Security Operations by protecting A2A’s data and brand from misuse.
In order to ensure compliance with the provisions of EU Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016 (hereinafter the “GDPR”), the A2A Group has adopted an Organization and Management Model for personal data in which:
The A2A Group has also prepared a procedural system designed to regulate the following issues:
In addition, special agreements are entered into with suppliers who process personal data on behalf of A2A Group companies which, in addition to incorporating the provisions of the law, contain specific instructions that the supplier is required to comply with when managing such data.