ISO/IEC 27001: a new milestone for SCAI Puntoit

SCAI Puntoit has achieved ISO/IEC 27001 certification. This step testifies to the implementation of a state-of-the-art Information Security Management System

With a challenging 12-month path and a sprint during the summer months to enhance the hard work that has always characterised us, the team led by Marco Bonicelli enabled SCAI Puntoit to obtain ISO/IEC 27001 certification in September 2021. A value for the company and for the SCAI Group, within which we represent excellence in cybersecurity. 

ISO/IEC 27001 is an international standard that defines the requirements for implementing an Information Security Management System (ISMS) and is designed to guide the organisation in adopting appropriate and proportionate security controls. It is the only onISO/IEC 2700X series of standards that is certifiable and sets the conditions for protecting information in relation to its confidentiality, integrity and availability. The implementation of a standard-compliant ISMS is very important, as it allows information to be protected from a multitude of factors, such as cyber attacks, human error, natural disasters, technical failures and a host of other risks.

On 28/07/2021, SCAI Puntoit achieved the objective of ISO/IEC 27001 certification. This step testifies to having implemented a well-organised Information Security Management System, with a high degree of organisational maturity that can be verified over time, confirming the attention that the company devotes to safeguarding any type of data, not just digital. This system implies the training of staff and the quality of processes with regard to IT security management issues, confidence in the technologies and IT architectures involved, not only to create a strong virtuous impact on the efficiency and effectiveness of operations but also on the value proposition to customers, suppliers and business partners at international level. 

Growing user-consumer awareness, binding GDPR privacy regulations, and the incremental emergence of cyber attacks, in terms of their number and ability to cause damage to information and brand reputation, all contribute to a landscape in which companies are paying increasing attention to quality and to the peculiarities of the supply chain: vital hubs for guaranteeing products and solutions of an adequate level. The implementation of a standard-compliant ISMS is very important, as it allows information to be protected from a multitude of factors, such as cyber attacks, human error, natural disasters or any other vulnerability. 

SCAI Puntoit, in line with the strategy of the SCAI Group, focuses on the quality of the services provided to its customers. In accordance with this principle, it considered it essential to obtain certification of the ISMS regarding the ISO/IEC 27001:2013 standard: a public and global act, recognised in a special way in all contexts and by all operators connected with IT security management. The ISO/IEC 27001 certification, which is valid for all the services provided by the company, certifies that all the confidential information that customers entrust to SCAI Puntoit is adequately safeguarded by appropriate organisational, technical and physical protections. In particular, SCAI Puntoit guarantees the ability to protect:

Confidentiality – only authorised persons can access and process information.

Integrity – information is adequately protected from unauthorised changes.

Availability – information is only accessible at agreed times and places.

SCAI Puntoit’s certification process was particularly challenging: first of all because of the complexity in terms of guaranteeing the safety of the services provided to the market, the size of the company, the involvement of the structure and the accuracy of the work carried out,” explains Marco Bonicelli, Director of Managed Services & CISO at SCAI Puntoit. The CISO continues: “The presence in the company of highly specialised cybersecurity figures, starting with the IT Security Manager, Massimo Venuto, and all the colleagues in my team, played a facilitating role”. In a window of 12 months in total and with a sprint of greater commitment in just 4 months, “We worked relying on the active and energetic participation of all internal organisational levels, from CEO Gian Piero Pepino, to management, the IT team and all colleagues with organisational and operational functions.”

The achievement of this goal sees the strength of SCAI Puntoit and, at the same time, the value of belonging to the SCAI Group with the support of the internal structures throughout the process, especially in the final stages. For SCAI Puntoit it is an achievement, but above all a beginning. 

Find out more: