Information Security

In 2010, the multi-year programme continued, aiming to gradually "improve the security of data and company systems" and, in parallel, to maintain constant, ongoing compliance with the obligations and requirements of the applicable regulatory framework.

The main initiatives concerned, on the one hand, the consolidation of the governance model for information security, with new specific policies and supporting tools for the design of secure applications, and, on the other hand, a wider spread of the culture on the matter at all company levels, through a multi-level training plan focussing specifically on increasing sensitivity and awareness. In addition, technical initiatives were launched for the computer structures, in order to facilitate the guided introduction of the tools and methods established in the company for the analysis and treatment of the risk to computer assets.
In 2010, security checks and audits on the operating platform gained ground through various Information Security Assessments of important ICT infrastructures and systems, with the multiple objectives of measuring the potential risk level, verifying compliance with the model established in Terna and launching any action plans (compliance plans) aimed at eliminating the vulnerabilities detected.

Thanks to the programme contents and the preparation of new technological and organisational tools with which to assess the level of security, the level of application of the governance model has grown, which has also raised the level of protection of data and company technological infrastructures against the most common physical and "cyberspace" threats. As had been forecast, the same programme also guaranteed the company's timely compliance with the applicable, and constantly evolving, regulatory framework, in line with the importance that the asset of "data" is now acquiring in the business processes of companies and other organisations of high technological content. Finally, as part of the initiatives aiming to improve security processes, in the second half of 2010 the path began towards certification to standard ISO/IEC 27001:2005 in relation to a specific information technology environment of Terna. This environment is represented by the TIMM (Market Monitoring Integrated Text) applications, and the aim is to achieve this certification in 2011. This decision has been shared with the AEEG and aims to make Terna even more efficient in terms of the governance of data security and to improve trust between the company and its stakeholders.

Certification of Terna's compliance with the stated ISO/IEC standard and, therefore, with the criteria of the standard for an Information Security Management System (ISMS), albeit applied to a limited business case, allows for the achievement of high standards of management/organisation that go well beyond the technical/operative standard of the computer and technological aspects.