RISK MANAGEMENT

Risk analysis, assessment and management is the basis for effective management of physical, logical and process security.

Inspired by the main international best practices, such as ISO31000, COSO ERM, and NIST SP800-30, this activity allows to build an analysis and consistent management of the risks to which the processes, sites, infrastructures or corporate information are subject. The activity is carried out by adopting the most suitable methodology of risk analysis to the context of reference, following the practices recommended by ISO31010, or if necessary, defining ad-hoc methodologies functional to the objectives of the customer.

The analysis is carried out by adequately understanding the perimeter of the analysis, from an organizational, process and infrastructural point of view, in order to fully identify the threats to the results that the organization has set for itself; to this end, we do not limit ourselves to documentary evaluations, but carry out interviews with the main actors, observations of the process and inspections of the places where the activities are carried out. All the information gathered is aggregated, providing the necessary basis for proposing risk treatment options and related risk reduction measures.

It is important to note that this is a very important part of the firm's work, and it is important that the firm's employees are aware of this. To this end, a risk treatment plan is drawn up. In this plan, specific relevance is given to those elements that not only generate a risk, but also cause non-compliance with applicable standards and legislation.