privacy and security
Thanks to the 10-year experience and synergy of our consultants, we aim to offer a full consultancy through services and activities that support companies and specialists for what concerns Privacy, Cyber Security, Job Security and H.A.C.C.P.
THE SECURITY OF YOUR COMPANY
Thanks to the partnership between Man Evotech, KALEA Engineering and RL Solutions, we are able to provide a complete consulting service for companies that need to direct their investments towards procedural and cyber solutions, suitable to the nowadays company legislation.
PRIVACY ADEQUACY DECISIONS
The Privacy Team, composed by privacy and IT experts, is available to the customer to provide a customized consultancy, according to the required needs and the business sector. All of this to be conformed to the EU General Data Protection Regulation (GDPR) 679/2016.
Man Evotech is able to support companies by providing operative procedures, tasks, assignments to manage and keep safe your personal data. Man Evotech consultants provide a constant and customized consultancy to always keep updated your privacy system.
Attività di adeguamento
L’intervento del Team Privacy consiste in un’analisi preliminare della struttura organizzativa per far emergere eventuali criticità e vulnerabilità del sistema di gestione dei dati e valutarne così le azioni correttive e le misure di mitigazione.
Una volta esaminato il contesto verrà predisposto un programma di adeguamento, consentendo così di procedere a una serie di attività volte a uniformare e conformare l’azienda ai dettami privacy
With the implementation of GDPR, the training obligation by the company controller to the team instructed to process personal data become fundamental in the adequacy process.
Anyone who acts under the holder authority and as access to personal data can’t process these data without the proper training. Training represents the perquisite to operate in organizations, companies, and P.A.
The proposed courses aimed to provide a clear and complete framework about the Regulation and to give instructions and information about how to properly manage company data.
Data Protection Officer is chosen according to the professional qualities and specialistic knowledges of the regulation and procedure of data protection.
WHEN DO YOU NEED DPO?
- Process by a public entity;
- The main activities consist of processes that need a large-scale regular and systemic monitoring;
- The main activities consist of large-scale process of specific data categories.
WHICH ARE DPO’S TASKS?
- Supervising the compliance with the provisions within the organisation;
- Informing and providing support and consultancy to the organisation according to obligations related to data protection;
- Cooperating with the inspection authorities and acting as a bridge for issues related to data process.
Privacy professional figures
– Eleonora Ganora: Man Evotech privacy processor and DPO expert
– Roberto Loche: privacy consultant – partner Man Evotech
The chosen solutions, that guarantees IT systems and services, must be stable and safe as required by the Regulation to satisfy the adequacy concept.
MAN Evotech can help you to be conformed to what impose the GDPR, helping you not to incur penalties.
As indicated by the Regulation it is necessary to take all the precautions against the theft of confidential information, and to have the possibility to communicate (in case of Data Breach) what was violated or stolen in terms of data.
Vulnerability Assessment highlights the weaknesses in the IT perimeter and, once identified, it provides the correct measures to mitigate or avoid risks that loom over the patrimony.
The analysis is less invasive than Penetration Test and it is performed with the IT administrator (when available) directly in the company, to whom he try to give a payment plan to mitigate the risk.
We can define it as an analytic process liable to improve the IT structure itself, evaluating systems security.
This type of analysis is performed to deeply examine the IT structure in terms of Network, the access points and exposed or applicative services, Database, Websites with invasive test, depending on customer requirements.
The Penetration test simulate a cyber-attack both from the inside and the outside, when there are exposed services, and its purpose is to avoid that a hacker could impact on confidentiality, integrity and availability of resource.
These are tests that are performed with strict parameters and particular attention, defining what must be attacked, according to customer requirements. The Penetration Test is always performed only after a previous Vulnerability Assessment.
Firewall e Logging
To satisfy confidentiality standards of data, located in the IT perimeter, a corporate Network must have a firewall, to avoid the leakage of sensible data form the system itself or to supervise the out-going traffic from your network. This could happen because an internal employee release data without being authorized, or because cyber virus steals your information.
This risk made your system potentially not conform to what imposed on the GDPR, where in case of tests or data breach, must communicate in 72 hours which were the data potentially stolen from individual customers.
When data are sensible it is important to have a Logging System capable to supervise everything that happens in your IT structure.
– Andrea Giampietro: MAN Evotech IT director, expert in cyber security.
Thanks to a professional team with transversal competences, Kalea Engineering can provide to the customer a full service for all health and safety requirements at work, as well as everything that concerns machine safety and equipment.
We act as employer’s partner, supporting him from a technical and regulatory point of view and trying to support the safety culture, that can be achieved through training, information, awareness, and collaboration among all the corporate figures working in this field.
Our intervention consists of an inspection and a previous analysis of the company, beginning from places of work and activities. In this way are identified risks related to every task and who follows a thorough assessment, in order to identify the correct preventive and protective measures to be implemented.
Risk Assessment Report
The Risk Assessment Report is a document that companies must edit, preserve and show to the inspection bodies in case of inspection or verification. It identifies and assesses company risks and contains all the correct preventive and protective procedures and measures.
The editing of the Risk Assessment Report is compulsory for all the companies with at least one employee. Workers are also treated in the same way as members of a cooperative or company, as well as a student of educational and university institutions or of vocational training courses.
Hiring an external Health and Safety Manager
According to to art.31 comma 1 of Lgs.D. 81/08, the employer can nominate a Health and Safety Manager, that satisfy all the conditions in the art.32 of the same decree.
The Health and Safety Manager supports the employer in the performance of his duties, making all his technical and legislative competences available, identifying intervention that aim to guarantee health and safety protection of workers, training and information programs included.
Other safety activities
- Editing a single document for the assessment of interference risks;
- Instrumental measurements of risk factors (e.g. noise, vibration, optical radiation,…);
- Preparation of evacuation plan and emergency plans;
- Safety of machinery and equipment;
- Testing of electromedical equipment;
- Occupational health service through partner companies;
- Verification of earthing and protective systems against atmospheric discharges by the notified body “MISE”.
Professional figure of Job security
– Silvia Cresto: job security consultant – partner Man Evotech