Linkedin Facebook-square Spotify Podcast

R1
Data center solutions
Cloud & multicloud solutions
Design services
Managed services

Eurome
Workplace management
A/V pro
Content & document management
Asset, property & facility management

gway
Compliance
Data solution
Managed service
Software development

Cyber-Bee
Cyber services
Tech division
Cyber awareness

Trice
Media
Tech
Design
Solution

R1 Lease
HD as a service
Green offering

R1Group

R1 Group: the system integrator that has been supporting Italian companies with innovative and tailored digital solutions for more than 31 years.

discover more

Meet Us

Lipsum dolor sit amet adipisci, velit numquam dolorem ipsit dixit velit as miroum aequae.

Linkedin

Information Security Policy

Information and data security policy

R1 Group, with its six member companies, is present in the ICT sector in the following areas:

  • R1 S.p.A.: design, consulting, development, integration, supply and support of information systems.
  • Eurome: marketing of information technology and solutions in the field of office automation. Technical support and maintenance of HW equipment.
  • gway: design and development of application solutions. Provision of information systems, system support services and IT consulting.
  • R1 Lease: operating lease services.
  • Cyber-Bee: design and development of solutions, services, consulting and training in the field of information security. Commercialization of information security technologies and solutions.
  • Trice: design and development of solutions, services, consulting and training in the field of digital marketing. Marketing of technologies and solutions in the field of multimedia.

Management, and all Group personnel, is committed to ensuring the confidentiality, integrity, availability and resilience of the information assets and personal data processed by the Organization, in order to preserve the competitive advantage, profitability, rights and freedoms of data subjects while ensuring legal, regulatory and contractual compliance, as well as the resulting positive image return in the marketplace that the adoption of serious privacy protection for its customers is capable of generating.

The requirements for data and information security, shared by each Group Company, are consistent with the overall objectives and operating procedures of the Organization. The Information Security Management System (ISMS) and the adopted Organizational Model on Personal Data Protection are the means by which information is shared, proper operations are carried out, and information-related risks are reduced to acceptable levels.

R1 Group’s strategic plans and its risk management framework provide the context for the identification, analysis, assessment and control of information security risks through the implementation and maintenance of an Information Security Management System common to the six companies that comprise it, but dropped obviously into each individual business reality.

The definition of roles and responsibilities, as well as the specific identification of the processing carried out on personal data and the related analysis of the risks to which the same may be subject, constitute the context in which the Organizational Model has been implemented and is kept dynamically updated, according to the continuous evolution of the context itself.

The Risk Assessment and Treatment Document and Statement of Applicability (SOA), by the ISMS Manager, define the ways in which personal data security risks are kept under control.

Business continuity, data backup procedures, malware and intrusion protection, system access control, and reporting mechanisms when information security issues arise represent additional key elements of this policy. Control indicators for each of these areas are defined in System documentation and supported by specific procedures.

All stakeholders belonging to the Organization and any stakeholders, considered within the perimeter defined in the scope of application of the System, as well as those responsible outside the Organization who process personal data on behalf of the Data Controllers and autonomous Data Controllers with whom the Company has decided to share some of its processing, assume behaviors in accordance with what is indicated in this Policy, the Organizational Model and the Information Security Management System that implements it. All human resources and personnel involved in the processing of personal data are subject to formal appointment and receive the necessary and appropriate training in this regard.

The ISMS and the shared Organizational Model are subject to continuous and systematic reviews and improvements, and each Group Company is constantly engaged in effective maintenance of the relevant certification, based on the UNI CEI EN ISO/IEC 27001:2017 standard and the requirements of EU Regulation 2016/679 on the protection of individuals with regard to the processing of personal data.

This policy is periodically reviewed to consider any changes in the risk assessment and, consequently, in the related treatment plan.

Rome, September 5, 2022

Facebook