• White LinkedIn Icon
  • Bianco Google+ Icon
  • White Instagram Icon

-  2017 e-lawyers. All rights reserved  - 

The Code for the protection of personal data (Privacy Code) provides in art. 33 the so-called minimum security measures consisting of a whole series of measures to be taken to ensure minimum security of data processing. The provision in question is inspired by art. 15, paragraph 2, L. n. 675/1996 sanctioning the obligation for data controllers to adopt the minimum security measures required by law. The minimum measures are listed in the art. 34 (for computerized processing) and 35 (for processing without computer) of the Code. Security in information technology is equivalent to implementing all the measures and techniques necessary to protect the hardware, software and data from unauthorized access (intentional or otherwise), to guarantee confidentiality, as well as any illegal use, from disclosure, modification and destruction.

This includes the security of the heart of the information system, that is, the electronic center of the computer itself, of programs, data and archives. In a company system, in which several subjects interact, security can only be guaranteed if:

  1. the lawful actions that each subject can perform interacting with the goods that can be accessed through the network, will be correctly identified and defined;

  2. the system will be defined in all its aspects (technical, procedural, organizational, etc.), in such a way that possible illicit actions, possibly implemented by both outsiders and network users, are countered with a much greater effectiveness the higher the damages resulting from the illegal action considered.

The fulfillment of the two conditions requires the development of a security policy in which:

  1. with the criterion of minimum damage for an institution, the set of authorizations that specify the legitimate ways of interaction of each subject with the goods that can be accessed through the network is chosen;

  2. they are selected, applying a risk analysis and management methodology to the system, technical, logical (also called safety functions) countermeasures, physical, procedural and personnel that allow the overall residual risk to be reduced to acceptable levels.

e-lawyers thanks to its team of specialists, is able to provide companies, small and medium-sized enterprises with information security skills, in full compliance with industry regulations.

 e-lawyers services:

  • Analysis of the organizational aspects of the company's core business, to identify the assets subject to information security, the quantification of the value of the assets, the classification of the subjects from the point of view of reliability, the application of predefined authorization rules;

  • Analysis and implementation of adequate countermeasures that make the system safe from external attacks;

  • Identification and training, in the company's core business, of a system administrator;

  • Implementation of the computer authentication system in compliance with industry regulations;

  • Drafting of specific data processing policies;

  • Assistance to the company in the preparation and management of specific IT security audits;

  • Implementation of a disaster recovery plan;

  • Monitoring of all data processing activities in order to ensure compliance with the regulations in the specific reference organizational situation;

  • Support for relations with the Guarantor Authority on all issues that should invest the company or the institution in the field of information security

e-lawyers training:

The e-lawyers team carries out customized company training to ensure constant updating of national and European legislation on IT security

Info about the service