Information security

As the operator of the national grid, Terna holds in its database confidential information on the users of the transmission and dispatching services, in particular electricity producers and traders. Such information includes, for example, specific data regarding plants, with the related production capacity and injection plans presented to the electricity exchange.

Considering the significant commercial value of this information, Terna implements the best practices for protecting sensitive data in order to prevent information in its possession being accessible to unauthorized third parties or subjected to violations. The same also applies to:

  • the data collected from industry companies for the purpose of compiling the industry statistics, a task performed by Terna within the framework of the National Statistics System;
  • the data put at the disposal of the industry Authority for monitoring the electricity market (TIMM applications, integrated text regarding the monitoring of the wholesale electricity market and the dispatching service market, the subject matter of Resolution no. 115/08 of the AEEG).

The responsibilities and procedures regarding the Company’s information and ICT systems are established within the prescriptive framework of Terna’s Information Security Policy and set out more specifically – for the purposes of the processing of personal data communicated to Terna by external parties – in the Security Planning Document, which is constantly updated.

During 2010, the Company further enhanced the level of protection of its information and information systems thanks to the first results of the program to improve information security governance initiated by Terna in 2009, which is based on the adoption of a framework structured according to the main international benchmark standards. The new framework enables the Company to select and implement the most suitable protection measures for increasing the security of the information processed through its computer system, with positive repercussions also on its safeguard of personal data.   

The program also ensures Terna’s conformance with the regulatory framework regarding information security, including the one regarding the protection of personal data.

To support this program Terna developed, and partly implemented towards the end of the year, a training and awareness-raising program, with initiatives at different levels aimed at increasing both the dissemination of the culture of information security throughout the Company and – for the specialists who manage the technologies – familiarity with the instruments and methods introduced by the framework.  

In the second half of 2010 the Company started the process of the ISO/IEC 27001:2005 certification of the TIMM applications, with the objective of obtaining it in 2011. The project was agreed on with the AEEG and is meant to further characterize Terna in the field of governance and increase trust between the Company and its stakeholders.  

ISO 27001:2005 is an international standard that sets out the requirements for an Information Security Management System (ISMS), in particular with regard to physical, logical, and organizational security.
The ISO/IEC 27001 standard adopts an approach based on continual improvement and is consistent with that of the ISO 9001 Quality Management System and risk management.

Even if applied to the circumscribed case of a company, certification of conformance with the ISO/IEC standard shows a high managerial and organizational standard, which goes well beyond the technical and operating one typical of information and technological security solutions.    

As in previous years, in 2010 no complaints were recorded regarding violations of privacy or imprudent use of personal data by unauthorized users.