Protecting and Adding Value to Data
Responsible data management
The availability and proper use of personal data by insurance companies lies at the heart of the process to create and develop innovative products, services and solutions that respond to the actual needs of our customers. The creation of shared value for Unipol and for the community in which Unipol operates assumes the existence of a transparent, balanced relationship between the parties: this is the only way to realise the great social and economic development opportunities connected to the analysis of data.
The commitment of the Unipol Group to protect and add value to the personal data are contained in the “Policy to protect and add value to personal data” approved by the Board of Directors with the aim of consolidating the trust that customers and all stakeholders have in the insurance company.
Cyber security
The Group Information Security Policy defines, also in accordance with the provisions of the ISO 27001 standard, the guidelines on cyber security, which support the implementation of the cyber security strategy and provide for the adoption of physical, logical and procedural security measures aimed at ensuring, for the information processed through the IT systems, appropriate and consistent protection throughout its entire lifetime.
The Governance, Standards, Continuity and IT Systems Security function, on the staff of the Group Chief Information officer, operates in liaison with the IT operating functions for the correct implementation of company cyber security guidelines, in alignment with the Control Functions and the DPO for adopting regulations and assessing the action taken to implement them.
The Chief Information Officer and the Head of the Governance, Standards, Continuity and IT Systems Security function report annually to the Board of Directors of the Parent and of the Companies falling within the scope of the Information Security Policy, as well as to the Control and Risk Committee of UnipolSai and Unipol Gruppo, to the extent of their responsibilities, with respect to the state of corporate cyber security in the reporting period. Note that no specific board member has been appointed to oversee cybersecurity, but the entire board approves the Information and Communication Technology (ICT) and security strategic plan and its progress.