Policies

Entaksi Integrated Management System Policies

Entaksi pays the utmost attention to the protection of its customers' data.
The following is the Information Security Policy, the set of rules and procedures adopted by the company to protect the data it processes.

The Company's goal is the correct management of all information it generates or processes, in order to guarantee operational continuity and to prevent or minimize possible damage.
To achieve this goal, Entaksi uses an Integrated Management System (IMS, "Sistema Integrato di Gestione") which covers all the characteristic activities of the Company, in compliance with the information security policy.

The IMS covers the design, production, marketing, installation and support of software applications, and the provision of IT services such as the delivery of applications as SaaS (Software as a Service).

The IMS adopted by Entaksi Solutions SpA is the result of the coordinated and integrated adoption of management systems compliant with the following standards:

  • ISO 9001:2015 - Quality Management System (QMS)

  • ISO/IEC 20000-1:2011 - IT Service Management System (ITSMS)

  • ISO/IEC 27001:2013 - Information Security Management System (ISMS)

  • ISO/IEC 27017:2015 - Extension of the Information Security Management System (ISMS)

  • ISO/IEC 27018:2019 - Extension of the Information Security Management System (ISMS)

  • ISO/IEC 27035:2016 - Information Security Incident Management System (ISIMS)

  • ISO/IEC 22301:2019 - Business Continuity Management System (BCMS)

  • UNI ISO 37001:2016 - Anti-Bribery Management System (ABMS)

  • EU Regulation n° 910/2014 - eIDAS - Trust Service Management System (TSMS)

    • ETSI EN 319 401

    • ETSI EN 319 421

    • ETSI TS 119 511

Information

Protection and security policies must safeguard three fundamental properties of the data handled by IT systems:

  • Confidentiality: access to data must be restricted to the privileges granted to defined users, in accordance with the classification level of the data, and the information must be protected from any unauthorized access.

  • Integrity: the information must be complete and accurate. All systems, assets and networks must work properly, according to specifications that guarantee full operation.

  • Availability: the information must be available for access and distribution to those who hold the corresponding rights according to its classification level.

All information processed by Entaksi is classified on the basis of its content and managed according to the assigned classification.
The information is protected, managed and made available according to its permitted uses.
Entaksi carries out a periodic risk analysis to evaluate how risks to information assets are treated, and adjusts the system according to the results obtained.

Roles and responsibilities

All Entaksi staff involved in the creation or management of information are responsible for its correct classification and handling, and are adequately and continuously instructed and trained in this regard.

Roles and responsibilities are defined within the company to ensure the maintenance and correct management of the Integrated Management System and the achievement of its security objectives.

External parties who come into contact with data managed by Entaksi are defined through the service contracts and are required to sign a confidentiality agreement.

Business continuity

The ISO/IEC 22301:2019 standard establishes the requirements for the correct implementation of a Business Continuity Management System. Entaksi has adopted this international standard in order to ensure the continuity of its IT services.

Entaksi puts in place the technical and organizational measures necessary to guarantee a suitable level of security in order to maintain business continuity, and periodically updates its strategies and procedures to guarantee their continuity and effectiveness over time.

Continuous monitoring of system performance and of selected system parameters is a central element of this management system, and Management continuously reviews the company's objectives through a specific Business Process Impact Analysis and a periodic risk analysis. Objectives such as resource planning, continuous attention to adherence to requirements, and consideration of interested parties are deemed critical to the company.

Incident management

Correct management of IT incidents is considered a fundamental requirement for the security of IT services.

Merely responding to damage is not enough to ensure complete protection of the information managed. Entaksi has therefore decided to adopt a structured approach to incident management, aligning its Integrated Management System with the ISO/IEC 27035:2016 standard for the management of IT incidents.

The scheme requires the preparation of an incident management plan, for which a specially trained and prepared Incident Response Team is set up.

The procedures pay particular attention to the response phase and to the points of contact between the company and its customers, in order to improve not only prevention but also reaction, and in particular not to underestimate the possible damage deriving above all from breaches of personal data (data breaches), for which the company intends to operate with maximum transparency.

Data protection

Entaksi maintains its Integrated Management System in compliance with the General Data Protection Regulation (GDPR) of the European Union, Regulation n. 2016/679.

For further information on data processing, please read the Privacy Policy.

Anti-Bribery

Entaksi Solutions SpA is committed to preventing any form of bribery, i.e. "offering, promising, giving, accepting or soliciting of an undue advantage of any value (which could be financial or non-financial), directly or indirectly, and irrespective of location(s), in violation of applicable law, as an inducement or reward for a person acting or refraining from acting in relation to the performance of that person's duties".

The organization therefore operates an Anti-Bribery Management System (ABMS) compliant with the UNI ISO 37001:2016 standard, whose controls keep the Integrated Management System aligned with the mandatory anti-bribery regulations.

For more information, read the Anti-Bribery Management Policy.

Compliance

The policy is periodically reviewed and updated whenever new threats emerge, technology changes or known issues are fixed; it also complies with the standards for which Entaksi has obtained certifications, described on the dedicated page.

With regard to information security, the IMS (SIG) complies with the controls established by ISO/IEC 27001:2013 and its extensions ISO/IEC 27017:2015 and ISO/IEC 27018:2019, and with the related standards and regulations on the protection of personally identifiable information (PII), including in particular EU Regulation n. 2016/679.

For more information see our page Frequently Asked Questions.

Read the extended version of the Information Security Policy Document.

Read the public version of our DPIA (Data Protection Impact Assessment).

Updated 14/07/2023.