Information protection and security policies must safeguard three fundamental aspects of data:

All information processed by Entaksi in the exercise of its functions is classified based on its content and managed according to its assigned classification. Information is protected, managed, and made available according to permitted uses. Entaksi periodically conducts a risk analysis to assess information asset risk treatment and adjusts its system according to the results.

All Entaksi personnel involved in the creation or management of information are responsible for its correct classification and handling and receive appropriate and ongoing training in this regard.

Defined roles and responsibilities exist within the company to ensure the maintenance and proper operation of the Integrated Management System and the achievement of security objectives.

External parties who come into contact with data managed by Entaksi are defined through service contracts and are required to sign a confidentiality agreement.

The ISO/IEC 22301:2019 standard establishes the requirements necessary for the correct implementation of a Business Continuity Management System (BCMS). Entaksi has adopted this international standard to ensure the continuity of its IT services.

Entaksi implements the technical and organizational measures necessary to maintain an adequate level of security for business continuity and periodically updates its strategies and procedures to ensure their ongoing effectiveness.

Continuous monitoring of system performance and selected parameters is central to the implementation of this management system. Management continuously reviews company objectives through a specific Business Process Impact Analysis and periodic risk assessments. Objectives such as resource planning, consistent compliance with requirements, and consideration of stakeholder needs are considered fundamental to the company.

Proper management of IT incidents is considered a fundamental requirement for IT service security.

A simple response to an incident is not sufficient to guarantee complete information protection. For this reason, Entaksi has adopted a structured approach to incident management, aligning its Integrated Management System with ISO/IEC 27035:2016 for information security incident management.

The framework includes a strategic level of incident management planning, with a dedicated and specially trained Incident Response Team (IRT).

Procedures pay particular attention to response activities and communication points between the company and clients, improving not only prevention but also reaction phases. In particular, potential damage involving personal data (data breaches) is managed with the utmost transparency.

Entaksi maintains its Integrated Management System in compliance with the General Data Protection Regulation (GDPR) of the European Union No. 2016/679.

For more information regarding data processing, please consult the Privacy Policy.

This policy is periodically reviewed and constantly updated in response to new threats, technological advancements, and the resolution of known issues. It is also compliant with the standards for which Entaksi has obtained certifications, as described on the dedicated page.

Regarding information security in particular, the IMS complies with the controls established by ISO 27001:2013 and its extensions ISO/IEC 27017:2015 and ISO/IEC 27018:2019, as well as data protection regulations, including in particular