Risorse per Roma becomes the first 100% in-house company in Italy to receive ISO certifications on cybersecurity.
The award ceremony took place in the Campidoglio in the presence of the Mayor Roberto Gualtieri, the Sole Director of the company Albino Ruberti and the General Director CSQA Maria Chiara Ferrarese.
These are the ISO/IEC 27001 certifications and their extensions ISO/IEC 27017, ISO/IEC 27018 and ISO/IEC 27701 , which refer to information security and the protection of personal data.
Of the 2,355 companies certified in Italy for ISO/IEC 27001, only 297 have obtained all four certifications, which can only be obtained in sequential order, i.e. recognizing an extension only in the presence of the previous one (data as of 11.08.24, source: Accredia).
“Italy is among the countries most affected in the world by ransomware and risks related to the security of personal data, starting with the Public Administration” recalled Mayor Gualtieri , who continued: “ Precisely to guarantee the citizens of Rome at the highest possible level, Roma Capitale and its subsidiaries are making a 360-degree commitment to cybersecurity.
The certifications delivered today to Risorse per Roma – concluded the mayor – therefore represent a just recognition for the work of those who do not intend to underestimate all those dangers that directly impact the quality of services as well as the guarantee of confidentiality of sensitive personal data”.
According to Albino Ruberti, Sole Director of Risorse per Roma : “Our company has come a long way, it obtained the certification for gender equality last March, continued with the one relating to safety and health in the workplace three months ago, to arrive today at the finish line relating to information security and the protection of personal data in which we have really invested a lot in the last year.
Today we are - he continued - among the 297 Italian companies to have all 4 certifications of the 27001 family and the only one 100% publicly owned. I thank - concluded Ruberti - all the employees of Risorse per Roma for the great work done".
The certificates
The ISO/IEC 27001 standard is the only international standard subject to verification and certifiable that defines the requirements for an Information Security Management System, supports the company in managing risks and in the choice of security countermeasures.
ISO/IEC 27017: Guideline that provides advanced controls for both providers and customers of cloud services, with the aim of clarifying the roles and responsibilities of the different actors in the cloud environment.
ISO/IEC 27018 : Guideline for Cloud Providers providing services in the public cloud, with the aim of offering a structured way to comply with the applicable obligations when the provider itself acts as a data controller.
ISO/IEC 27701 : A guideline for organizations wishing to implement a personal information management system in compliance with the provisions of the GDPR, with the aim of demonstrating to customers and stakeholders that the organization uses effective systems to reduce the risks related to the management of personal data.