For us “Information Security” means protecting our customers, employees and the data of our business partners, guaranteeing the security of the company’s services and the continuity of our business activities. The current context, characterised by the ongoing evolution of cyber threats and the more stringent regulations imparted by the authorities, presents several major challenges to businesses. We are committed to guaranteeing that the Group is constantly equipped with appropriate security systems, thus becoming increasingly more reliable for our stakeholders.
More specifically, we pledge to:
- protect the company’s services and strengthen its security standards
- define internal security regulations and monitor their implementation
- define a solid management process for IT risks
- ensure the implementation of security measures for the management of cyber threats
- raise awareness and understanding around the issue among all employees
We have therefore developed a strategy to continuously improve the Group’s security level, in four key areas
The Generali Group has developed a long-term IT security program to address the cyber security issues analysed. This includes suitable countermeasures for specific situations. All projects defined and included in the program are regularly reviewed according to a schedule while the long-term strategy is reviewed annually.
The IT security program was approved by the Senior Management of the Group and the Board of Directors; the Risk and Control Committee is responsible for implementing it.
The Chief Information Security Officer is identified within the Group IT & Operations Risk & Security structure. To strengthen IT security risk management, the Group Risk Management Department has set up a unit specifically dedicated to monitoring and managing cyber risk. The unit is called “Group IT Risk Framework”.
We believe that the human factor is crucial to protecting our information. In fact, we have developed an IT security awareness program for all our employees in the form of a mini series of instructional videos. All of the material is available on the Group portal dedicated to employees. Some episodes are connected with specific information security areas, such as the classification of information, smartphone and tablet security and social engineering.
Generali Shared Service, the company that provides IT services and infrastructures to the main Group countries, is certified according to the following standards:
1) ISAE 3402 Type2 – Third party assurance report
2) ISO 27001 - Information security management system
We underwent an EY audit for the ISAE3402 report and an audit by DNV GL for the ISO27001, as well as being regularly audited for the financial report.