Our client is an historical Italian group, active from decades in the telecommunications and ICT sectors. The company provides its services to a broad panorama of customers, from users/consumers, to top business enterprises and even several Government Bodies.
In particular, the services portfolio extends to various fields, such as:
Network infrastructures, Network Services, Connectivity, Mobile, Cloud, Cybersecurity, IoT.

In order to comply with the requests of the market and with both National and International Legislation on the matter, our Client (a specific Internal Auditing Corporate Function) was commissioned to support all the units within the Organization who needed to obtain "Security Certifications" such as: ISO/IEC 27001 - ISO/IEC 27017 - ISO/IEC 27018 - ISO/IEC 27035; ISO 22301, CSA Star and PCI-DSS.

To this purpose, the Client needed to interact with a very different and dynamic corporate environment, including financial structures, data centers, cloud service providers, security functions (both physical and cyber) etc…, that were also constantly evolving and mutating (structural and organizational changes).
This challenging task needed professionals capable of communicating with all the different areas, from pure technicians to high level management, and capable to deliver the results within a very short timeframe and throughout a stable effort.

Despite they had the technical skills to fulfill the tasks, under these challenging circumstances our customer needed to receive some outsourced support. BIP CyberSec offered its consolidate experience on the matter, thanks to professionals endowed with both technical and managerial skills, capable of govern and perform the required tasks also by training and guiding the client resources in the process, being fitted to work in very complex and evolving context with a costant effort and in very short time.

Mainly, we supported our client by providing a work methodology suited to sustain the broad and various work landscape ahead. More precisely, we took care of:

• carrying out PMO Activities, such programming and organizing the certification path for all the business area who needed it;
• producing all the documentation mandatory for every certification path (scope, audit program, audit report, asset model, impact analysis, risk assessment, risk treatment plan etc…)
• enhancing the technical tools owned by our client, like adapting their Impact Analysis and Risk Assessment tools to different new requirements through time, without altering the results and functions;
• providing a more efficient work method, which allowed to handle increasing challenges without mutating the effort (i.e. being able to manage a growing amount of certification paths without adding more resources, just by optimizing the method). In 5 years, we’ve been able to guide plenty of Corporate Functions throughout the certification path, covering hundreds of processes/services, always with the same men power;
• implementing a management reporting process, capable of providing the top management with a proper awareness of all the risks highlighted during our activities, allowing the organization to improve continuously;
• supporting the relations with the Certification Bodies and external Authorities.

Our resilience to adapt to every growing challenge, de-escalating and facilitating every difficulty, took a great role in renewing the collaboration with our client. During the last 5 years, we grew together fulfilling both professional and personal outcomes that highlighted in the company successes.
In five years with our support, our client increased its work value, growing from just few processes certified to ISO/IEC 27001 in 2018, to certificate almost a hundred processes with different certification schemes (ISO/IEC 27001-27017-27018-27035 / ISO 22301 / CSA-Star / PCI-DSS).
Thanks to all these new objectives achieved, not only our client but the whole Company, were able to increase their security posture and meet the requirements for a much broader business opportunities panorama, gaining tens of new contracts both in the private and the public sectors.
Plenty of benefits were also achieved from an internal standpoint, as the resident resources were empowered with new methodologies, new areas of expertise, more work confidence and more effective tools. We’ve been able to involve and make the top Management aware of all the security risk we encountered, not only by providing effective reports, but also by involving other Company Functions into the Security Process and gaining so a broad and interconnected point of view.