UNI CEI ISO 27001:2013 UNI CEI ISO/IEC 27001:2013 is an international standard that defines the essential requirements for a correct Information Security Management System (ISMS). The organizations that want an Information Security Management System certified by an independent body have to refer to the UNI CEI ISO/IEC 27001:2013 standard. All organizations must be able to guarantee the security of their data, above all in a market in which information risks deriving from security system breaches are constantly on the rise. The objective of ISO 27001 lies precisely in protecting the data and information from all types of threats and in ensuring their integrity and availability only to authorized users. In this context, in 2014 eWitness Italia Srl obtained the approval of conformity with the standard for Information Security Management and received certification from Lloyd’s Register Quality Assurance as a “TSP in the field of preservation of data, digital documents and electronic delivery services”. eWitness therefore chose an organization model aimed at protecting managed information from any IT risks. eWitness prepared an in-house policy based on:
- defining competences and responsibilities for the significant roles in the field of information security;
- identifying risks and opportunities inherent in the objective of ensuring a system able to manage information security;
- actions related to information security risk analysis, management, control and monitoring;
- identifying objectives concerning information security and defining the resources needed to achieve them in the various functions and levels of the organisation.