Cybersecurity
Our strategy for cybersecurity and data protection
To keep our production plants and internal processes secure and reliable, we pursue digital innovation through a continuously updated Security by Design approach that sets guidelines and cybersecurity solutions from the inception of every new project. Fully aware that systems and sensitive information are key assets, we constantly assess our strategy on cybersecurity and data protection to safeguard employees, clients, suppliers, and the whole value chain. The challenge we continually face stems from today's ever-evolving cyber threat context, which requires ongoing revision of our approach to data security and systems security. We work closely with regulatory institutions and authorities in every country we operate in to guarantee ongoing alignment with national norms and local regulations.
Security and system vulnerability assessments are regularly performed on products and business processes that affect user data, both internally and through third-party assessments. Fully aware of the crucial role of people in cybercrime prevention, we provide periodic training sessions and regularly verify our employees' progress through tests and simulations. Moreover, we guarantee professional training sessions for our technical staff on updates to both IT and industrial OT systems.
The following list summarizes all processes and organizational structures involved in cyber security and data protection:
- Cyber risk assessment of industrial assets and digital services;
- Cyber security specific processes and safeguards in compliance with international standards, certifications and best practices (ISO/IEC 27001, NIST CSF, IEC 62443, OWASP), as well as sector-specific regulations;
- Use of Security by Design frameworks for the development of new solutions;
- Business continuity and information security management systems;
- Assessment of the cyber stability of our third parties;
- Public-private partnership;
- Awareness, Training, Ongoing Training for employees and suppliers;
- Cyber threats detection for suppliers and internal collaboration;
- Continuous evaluation of the safety of the services and systems provided;
- Processes and instruments for security in application development;
- Monitoring and incident support service active 24/7.
ISO 27001 certification for Information Security
In 2025, we obtained the ISO/IEC 27001 certification, the international standard for information security management systems. Its implementation demonstrates our Group’s ongoing commitment to developing information security in line with our ethical principles, ensuring a safer business environment in support of our customers.
Corporate security policy
Our Information and Communication Technology division includes a cyber security unit that reports to our Chief Information Officer (CIO) and is guided by the Group's Chief Information Security Officer (CISO). Priorities for intervention are identified on the basis of ongoing analyses of the risks to which our organization is exposed. The principles defining our lines of action are set in conformity with our organization's policy and with the values with which those priorities are fully in tune, together with binding rules and best practices.