ISO/IEC 27001:2013

ISO/IEC 27001:2013 is an international standard for implementing an Information Security Management System (ISMS) aligned with the company’s business requirements. It addresses the risks related to the organizational, technical, and legal aspects of security, providing a complete framework for implementing a structured governance process in compliance with internationally recognized best practices. Briefly, the ISMS is based on an initial risk assessment and on the subsequent deployment of remediation strategies, aimed at reducing the identified risks to within an acceptable threshold.

Thanks to its ten years of experience in the security field, @ has developed a complete offer aimed at supporting any kind of Client with the implementation of an effective information security management strategy. This offer covers all security, legal, and business requirements and makes it possible to address any information security problem. This approach to continuous security improvement can be tailored to different needs, and its compliance with ISO/IEC 27001:2013 can be formally certified.



The consulting service described above can be tailored to different Clients, depending on the maturity of the processes they have put in place. Thanks to its broad experience in the field, @ can either start from scratch or optimize existing, consolidated processes. Furthermore, the level of detail can also be adjusted, depending on the Client's security needs and on the size of the scope defined for the ISMS. This scope can be expanded over time.

Operational references

The main reference is the ISO/IEC 27001:2013 standard, together with related guidelines such as ISO/IEC 27002:2013, 27005:2008, and others currently in development. As lead contributor to these standards in Italy, @ can provide complete and always up-to-date consulting solutions.


Optional services

To optimize and broaden the relevance of the results provided by the described service, @ recommends the following additional options:

  • Contracts review - analysis of the technological and legal security requirements within contracts in place with clients and service providers;
  • COBIT compliance - integration within the ISMS of IT processes, activities, controls, and performance indicators defined by the COBIT framework;
  • ITIL compliance - integration within the ISMS of IT processes and subprocesses defined by the ITIL specification and related to information security management.
