Your browser version is not updated, please update it.

IT security With a view to safeguarding business and achieving strategic and operational objectives, the Group considers it strategically important to guarantee the protection of the information assets of the Company, and of its customers and other stakeholders, and to ensure the security of transactions.

With a view to safeguarding business and achieving strategic and operational objectives, the Group considers it strategically important to guarantee the protection of the information assets of the Company, and of its customers and other stakeholders, and to ensure the security of transactions.

As evidence of the specific attention paid to this issue, the Group’s objective is to pursue ongoing research and subsequent dissemination of advanced technological solutions in order to address IT risks and promote technological innovation. Ensuring adequate levels of confidentiality, integrity and availability of data, information and services provided to customers requires increasingly advanced protection systems to safeguard personal data, tangible and intangible assets and intellectual property. Consequently, in line with business needs, Poste Italiane has developed and adopted a specific IT security framework that, starting from the objectives defined in the IT Security Policy, provides specific methodologies regarding the IT risk analysis, cross-cutting interventions and technological projects needed to ensure the proper functioning of the security platforms, “Security by Design” activities and cross-cutting security technological infrastructures. The framework is completed by integrated management of information flows deriving from the various IT security structures and an Integrated Management System for IT Quality and Security that incorporates the aspects highlighted by international standards and postal sector benchmarks. 
Poste Italiane has also adopted the Consolidated Security Act with the aim of providing a concise description of the methodological and operational approach adopted by the
Poste Italiane Group for the management of IT Security, a fundamental element for achieving the objectives set out in the five-year Deliver 2022 Strategic Plan. 

Thanks to the innovative processes and strategic partnerships put in place by the Group, in 2019 48% fewer IT security breaches and cyber security incidents were registered (around 16) compared with 2016.
 
Poste Italiane’s main projects within this area are “Personal data protection” and “The Computer Emergency Response Team (CERT) and business continuity”, which are detailed below.


Personal data protection
With a view to achieving uniform management of personal data and compliance with recent regulatory requirements in this regard, the Group has adopted a corporate regulatory system consisting of the Privacy Guidelines, to ensure that management complies with legal provisions, and the Personal Data Protection Management System Guidelines, designed to ensure a uniform personal data management system at Group level, which complies with the provisions of the European General Data Protection Regulation (GDPR) and current Italian legislation.

In order to ensure effective fulfilment of the obligations provided by the GDPR and guarantee continuous improvement of the management system, a Privacy Framework has been drawn up that identifies the main relevant thematic areas and the organisational and technical controls implemented. The Framework enables continuous assessment and verification of the levels of maturity achieved to be carried out. 









The Computer Emergency Response Team (CERT) and business continuity
In order to ensure that cyber security and data protection activities are monitored at Group level, as early as 2013 the Company created the Computer Emergency Response Team (CERT), consisting of a team of IT security experts. Specifically, CERT deals with prevention, analysis and protection from cyber threats, in order to increase the Company’s defence capabilities and awareness, to promote and disseminate knowledge and awareness of cyber security at national level. With a view to sharing and exchanging knowledge in the field of cyber security, CERT has the task of coordinating all activities in response to computer emergencies and maintaining relations with other public and private institutions in order to protect its own computer networks and those of the national system.



The Business Control Center and the security agreement with the Postal Police are linked to the attention that Poste reserves for the protection of the security of all its customers and employees, in light of its leading role for the country and in constant synergy with the institutions. One of the main tasks of the structure is to monitor in real time, 24 hours a day, the services provided by Poste Italiane, to protect the security of customers in Post Offices and employees in all workplaces, to combat fraud and cybercrime, and to test the services offered by the Company. 

© Poste Italiane 2020 - VAT registration number: 01114601006

vai a inizio pagina