To protect data and information from threats of all kinds in order to ensure integrity, confidentiality, availability and provide requirements for adopting an adequate information security management system (ISMS) aimed at proper management of sensitive company data.

• Access to tendering processes;
• Distinguishing oneself from competitors;
• Achieving a high level of information security within the company, minimizing the risks of technical vulnerabilities (management of email, control of external Internet access, backup, antivirus, firewall);
• Maintaining constant control over the most risky processes in data exchange with customers or suppliers, and therefore providing greater legal protection for the company.

From data loss to unauthorized access, from virus attacks to e-commerce, from cyber piracy to disaster recovery, ISO 27001 allows for a careful assessment of all risks to the business and the different types of managed information, highlighting areas where improvement is needed.

Information protection involves ensuring, through controlled management of business processes, the desired levels of:

· Confidentiality - protecting information from unauthorized access;

· Integrity - safeguarding the accuracy and completeness of information;

· Availability - ensuring that data and information are accessible when required.

The macro areas of intervention are:

· External - computer access to the outside world;

· Internal - Use of email, use of the internet by employees;

· Company IT architecture - accessibility to software, hardware used.

When it comes to data, it is fair to define the main difference between the Privacy Regulation and the certification standard for the management system for data and information security according to the ISO 27001 certification standard in general.

The first protects sensitive personal data, while the second protects all types of information, requiring that applicable legal requirements be applied.

The second also takes into account the company's business data and intellectual property, which must be safeguarded for the customer organization's interest.

At the same time, however, it does not exempt the company from complying with the minimum security measures and producing the documentation required by GDPR Privacy law, for which ISO 27701 exists as a standard.