ISO/IEC 27001 - Information Security Management System
In Generali Group, protecting corporate information assets means protecting our customers and the continuity of our business activities. Therefore, our Information Security Management System must be in line with standards and stakeholders’ expectations.
Generali Operations Service Platform, the company that provides IT services and infrastructures to the main Group Countries, is certified according to standard ISO/IEC 27001:2013 - Information Security Management System.
This certificate is valid for:
- Information security management for the delivery of IT infrastructural services for the Generali Group Companies.
- Delivery of hardware, IT services, IT engineering, Project management, organization, security services.
- Management of information security incidents according to the ISO/IEC 27035-1:2016 and ISO/IEC 27035-2:2016 guidelines.
The certification has been released/confirmed by the Certification Body DNV GL - Business Assurance.
Generali Operations Service Platform is subject to annual ISO/IEC 27001 certification renewal, to ensure continuous improvement and to guarantee the effectiveness of the Information Security Management System.
ISAE 3402 Type 2 – Third Party Assurance Report
ISAE 3402 is an independent, industry-recognized third-party certification.
This is a global standard for third-party assurance, widely employed and internationally recognized for certifying the effectiveness of General IT Controls applied by the outsourcer when managing and providing services in the financial reporting field. A Type 2 report is significantly beneficial, since it tests the effectiveness of the controls over a period of time (e.g. for 12 months).
Generali Operations Service Platform underwent an external audit for the ISAE 3402 report in accordance with International Standard on Assurance Engagements 3402 - Assurance Reports on Controls at a Service Organization, issued by the International Auditing and Assurance Standards Board (IAASB). This standard requires that procedures be planned and performed to obtain reasonable assurance about whether the controls are suitably designed and operate effectively.