In a context where we are increasingly exposed to threats of damage to our IT systems, and at the same time are becoming more and more dependent on them, the structured monitoring of information security and cyber security has become essential.

It is no longer possible to address such a delicate topic with sporadic initiatives carried out by personnel typically employed in other areas of information technology.

It is essential to review and evaluate your risk framework, and develop an approach to risk at all managerial levels to guide business choices in an informed manner.

We have specific skills in IT Risk Advisory to support you in the following fields:

  • ICT Risk Assessment (risk and threat assessment)
  • ICT Audit both at companies and at their own IT service providers
  • ICT Regulatory compliance: verification of compliance with regulations (Sarbanes-Oxley Act, Italian Law 262/05, GDPR, Italian Leg. Decree 231/2001, Whistleblowing, DORA)
  • Support for ISO27001 and ISO22301 certifications
  • Evaluation, design, implementation and testing of BCP/DR plans to ensure operational resilience
  • Assessment with respect to international ICT frameworks (COBIT, NIST, ISO27000)
  • Third party certifications on the internal control system: ISAE 3402, SSAE 18 type I, type II reports
  • Information security, Cybersecurity and related security dashboards
  • Development and updating of security policies, procedures and metrics
  • Development of awareness programmes on information security