Governance, risk and compliance.
The Maxwell division supports, implements and improves the adoption of international norms and standards within the company organisation. Its approach transforms a 'limitation', the standard, into an opportunity for efficiency, risk mitigation and, not least, business development through the implementation of international standards such as ISO/IEC 2700x.
Every organisation needs to streamline its internal processes, including those concerning compliance with mandatory regulations or with the international standards required for the delivery of its products and services, or adopted as an element that differentiates it from its competitors.
The development of international standards for the protection of information and, more generally, of Information & Communication Technology is a process that is, by its very nature, constantly adapting and evolving.
This process includes the revision and refinement of methods, techniques and guidelines needed to consciously address and manage both the information security aspects and those regarding the protection of individuals with regard to their personal data: so-called data protection.
79Mln € - GDPR sanctions in Italy 2018/21.
+30% - Serious attacks on computer systems in Italy 2021.
Sources: Clusit Report 2021; DLA Piper Report.
Advanced Enterprise Management System?
ISO/IEC 17021-compliant management system, allowing process certification according to ISO/IEC 17065.
Often, different regulatory compliance issues are addressed in an inconsistent and unstructured manner within companies, missing opportunities to streamline business processes by optimising effort and implementation costs.
A unified and consistent approach in the implementation of the many, and sometimes diverse, certification schemes is not only possible: it is an opportunity for improvement for every company's business.
aEMS - Our specialisations
Cyber security, quality & business continuity
ISO/IEC 2700x (series)
The ISO/IEC 27000 series 'Information Security Management Systems Family of Standards' is an information security standard drawn up by ISO. It groups together a set of international standards that aim to protect the information that is maintained and processed by an organisation.
ISO 9001
The acronym ISO 9000 identifies a set of standards and guidelines developed by the International Organisation for Standardisation (ISO) that define the requirements for the implementation within an organisation of a quality management system, in order to conduct business processes, improve effectiveness and efficiency in product manufacture and service delivery, and achieve and increase customer satisfaction.
ISO 22301
ISO 22301 "Societal security -- Business continuity management systems --- Requirements" is an international standard related to business continuity management, which defines the requirements necessary to plan, establish, implement and operate a documented management system, and to monitor, maintain and continually improve the management system designed to protect, reduce the possibility of occurrence, prepare for, respond to and recover from disruptive events for an organisation when they occur.
eIDAS Preservation
EU Reg. 910/2014
The eIDAS (electronic IDentification Authentication and Signature) Regulation - EU Regulation No. 910/2014 on digital identity - aims to provide an EU-wide regulatory basis for trust services and electronic identification means in member states.
The eIDAS Regulation provides a common legal basis for secure electronic interactions between citizens, businesses and public administrations and increases the security and effectiveness of electronic services and e-business and e-commerce transactions in the European Union.
GDPR & Privacy
EU Reg. 2016/679
The General Data Protection Regulation (GDPR), officially Regulation (EU) No. 2016/679, is a European Union regulation on personal data processing and privacy, which was adopted on 27 April 2016, published in the Official Journal of the European Union on 4 May 2016 and entered into force on 24 May of the same year and is operational as of 25 May 2018.
With this regulation, the European Commission aims to strengthen the protection of personal data of European Union (EU) citizens and EU residents, both within and outside the EU borders, by giving citizens back control of their personal data, simplifying the regulatory environment concerning international affairs, and unifying and homogenising privacy legislation within the EU.
The text also addresses the issue of exporting personal data outside the EU and obliges all data controllers (including those with a registered office outside the EU) that process data of EU residents to observe and comply with the requirements. Since its entry into force, the GDPR has replaced the contents of the data protection directive (Directive 95/46/EC) and, in Italy, has repealed the articles of the code for the protection of personal data (d.lgs.n. 196/2003) that are incompatible with it.
Sustainability
ISO 14001
ISO 14001 identifies a technical standard of the International Organisation for Standardisation (ISO) on environmental management systems (EMS) that sets out the requirements for an environmental management system of any organisation. It is part of the ISO 14000 series of standards developed by the Technical Committee (TC) ISO/TC 207. This standard can be used for certification, self-declaration or simply as a guideline to establish, implement and improve an environmental management system.
The ISO 14001 standard, now in its third edition in 2015, is explicitly inspired by the PDCA model (Plan-Do-Check-Act, also known as the Deming cycle after its creator William Edwards Deming). An extensive guideline is contained in ISO 14004, which sets out the principles, systems and supporting techniques for environmental management systems. A more concise 'user guide' is contained in ISO 14001 itself.
Insights
Cybersecurity - More than 90 per cent of security incidents result from human error*…
What if attacks on corporate information assets depended largely on the behaviour of people within the company?
It is now commonplace to hear of colleagues or friends unknowingly clicking malicious links in an e-mail, potentially compromising corporate information. Although technical controls are very important and increasingly frequent, statistics confirm that most cyber attacks succeed only if a human makes a mistake. The main causes of attacks can be traced to elementary behaviour by employees in moments of inattention.
Contacts
Archiva Group centralised reception
Phone: +39 045 288 00 00