Information security and protection are key requisites for our law firm (hereinafter, Firm) to achieve its business goals. Information security requirements are consistent with Firm’s objectives.

How our SGSI system has been implemented

In fact, our Information Security Management System (ISMS) has been implemented to have information shared, operations correctly performed, and any risks related to information reduced to acceptable levels. This is how Firm assures balanced protection of data confidentiality, integrity and availability (CIA) while performing its activities, through an established “Information Security Management System” (hereinafter also referred to as SGSI, i.e., the Italian acronym for ISMS). And this is constantly in line with the requirements expected by the Firm’s stakeholders, and in compliance with the applicable regulations in force from time to time.

Firm’s purpose

In particular, the system is applied to “the provision of legal advice and representation in civil law and criminal law proceedings, specifically in the areas of labour, corporate, bankruptcy, banking and family law”.

Goals achieved through our SGSI system

SGSI’s general objectives, pursued thanks to the management’s commitment, are the following:

• point out to clients the firm’s ability to provide secure services on a regular basis, maximizing business objectives;
• reduce, possibly to nil, the risk of loss and/or unavailability of customer data by planning and managing activities to ensure continuity of service;
• carry out a continuous and adequate risk analysis that constantly examines the vulnerabilities and threats associated with the activities to which the system applies;
• comply with applicable laws and regulations, contractual requirements, company rules and procedures;
• promote collaboration, understanding and awareness of the ISMS by strategic providers;
• comply with the principles and controls established by ISO 27001, or other standards/regulations governing the business activities the firm is involved in, including, in particular, regulations relating to Privacy and Personal Data Security (GDPR);
• ensure its continuous improvement.

All Firm’s staff and collaborators are involved in reporting any incidents found and any weaknesses identified in the SGSI; as they are actively engaged and follow ISMS Manager’s instructions and directives, they too support SGSI development, implementation, and periodic review, thus ensuring and its consequent improvement on a regular basis.

Firm’s Management is committed to reach the goals set by this policy, using the necessary tools and resources.

Milan, November 10th 2020

Mr. Pietro Ichino Senior Partner of the Firm