The Trevi Group at the forefront in Italy in the management of information security

Thanks to the issue of the ISO/IEC 27001:2022 Certification on 31 May 2023, the Trevi Group is among the first companies in Italy to be certified according to the latest version of the international standard on information security management systems. The certification was awarded to the Group by DNV, one of the leading third-party certification bodies globally that provides assurance, certification, verification and risk management services.

ISO/IEC 27001 is an international standard on information security management.

It describes the requirements for creating, implementing, maintaining and continuously improving an Information Security Management System to protect corporate information assets, including customer and supplier information and data.

Giuseppe Caselli, CEO of the Trevi Group: "The Trevi Group consolidates its digital transformation strategy to make the foundations of the company's ecosystem flexible and at the same time more secure. By investing in technologies, people and organisation, we aim to achieve excellence in protecting the company's assets and data. In addition, obtaining ISO/IEC 27001 certification enables us to achieve one of the goals of the Group Sustainability Plan."

Massimo Alvaro, Managing Director of Business Assurance Italy for DNV, comments: "The awarding of the ISO/IEC 27001 certification underlines how carefully the Trevi Group has understood the importance of a certified information security management system to give substance to its commitment. Our audits yielded fully satisfactory results, confirming the Group's righteous path, a demonstration of a desire for continuous improvement for secure data management, in compliance with the requirements of the most important international standards".

The primary aim of ISO/IEC 27001 is to guarantee the security of company data, both at the level of information security, privacy, and cybersecurity and at the level of physical/environmental and organisational security, through careful risk analysis and management.

The key points are:

  1. Preservation of confidentiality, integrity and availability of information;
  2. Risk analysis, assessment and treatment to prevent and counter threats;
  3. Protection of data against computer fraud.

The Trevi Group has decided to undertake the process of system integration of this new certification in order to acquire it for Trevi Finanziaria Industriale S.p.A. (the holding company of the Trevi Group listed on the stock exchange), which manages the provision of IT services to all the companies of the Group, to increase security awareness at a Group level and to improve internal information security skills.

The certification process started in May 2022 with the support of the consulting company NIER Ingegneria S.p.A. Internally, this was handled by resources from the IT and QHSE and Management Systems Departments.

In October 2022, the new version of the standard was published, the last draft of which was dated 2017, and TreviFin was determined to achieve certification according to this new version.

In March 2023, the stage 1 audit was carried out by DNV, and at the end of May, the stage 2 audit was completed with a positive outcome and subsequent issue of the Certificate.

 
