Fidiger S.p.A. has obtained the ISO 27001:2017 Information Security Certificate.
UNI CEI ISO/IEC 27001:2017 is an international standard that sets out the requirements for establishing and implementing an Information Security Management System and covers issues which relate to logical, physical and organizational security. The key objective is to set up a system for the management of risks and the protection of information and ICT assets.
Information security is of the essence for Fidiger S.p.A.
Information is a crucial element in order to ensure a higher standard of services and constitutes the key asset for Fidiger S.p.A., which ensures its confidentiality, integrity and availability thanks to a careful check of its IT systems and, in general, of the information lifecycle management procedures.
Keeping client information secure and using it only as clients expressly ask us to is a top priority for all of us at Fidiger S.p.A. With this in mind, the firm embarked on the project which led to the successful completion of the ISO 27001:2017 certification process.
Hence, Fidiger S.p.A. undertakes to:
Protect client information by maintaining strict confidentiality and security standards.
Restrict the personal information gathered and used to the minimum level required to provide high-level services to Clients, including advice on the services and, in general, on all activities carried out by Fidiger.
Allow access to personal client information solely to authorized employees/staff who have received adequate information management training. Violation by employees of this confidentiality undertaking shall result in disciplinary measures.
Not disclose personal client information to any external organization, unless the Client has authorized the disclosure by signing comprehensible privacy notices or has otherwise expressly provided its consent. Fidiger shall be obligated to provide the information in accordance with the law or by operation of EU regulations or rules or pursuant to requests by the judicial authority.
Exercise constant control over the confidentiality of the information received from Clients; maintain the utmost confidentiality on the data, documents and information it will become aware of during its activity and strictly comply with the prohibition on disclosing the information or, in general, the content of client declarations to third parties; not use, disclose to or copy for any third parties commercial, technical or other documents or other information, nor transfer, deliver or leave any such documents to or with third parties in safe custody without the Client’s written consent.
Maintain, including for its employees and staff, the utmost confidentiality on the data and/or information it will become aware of while handling client information.
Ask the organizations that Fidiger should rely on for support services to subscribe to the Information Security standards and to allow Fidiger to monitor their compliance therewith.
Not use or disclose in any manner – within or outside the organization – personal and sensitive information allowing the personal identification of Clients and of the information entrusted to Fidiger in the performance of the service requested by the Client. If such information is essential for the provision of other services, Fidiger may use it only subject to the Clients’ written consent to be issued at the time the information is given or thereafter and, if required by law, subject to consent by the competent authority.
Make its best efforts to ensure that the information contained in Client files is exact, complete and updated. Fidiger S.p.A. will tell Clients how and where they may access their information (except where this is not allowed by law) and report any errors, which Fidiger will promptly correct.
Ensure the availability of information by implementing an adequate Disaster Recovery and Business Continuity policy.
Monitor and update its security policies with a view to continuous improvement.
Carry out constant checks on the actions taken by its staff in order to ensure that the information is kept secure and that business is carried out in such a way as to protect Client confidentiality.