INFORMATION SECURITY MANAGEMENT SYSTEM POLICY
Regulatory Pharma Net S.r.l. (RPN), as partner of many pharmaceutical companies, manages hundreds of multi-task projects, offering regulatory, strategic and operational support, assisting in the development, registration, launch and life cycle management of medicinal products, medical devices, biocides, food supplements and cosmetics.
In order to provide the best service possible for its clients, RPN has adopted an Information Security Management System (ISMS) aligned with the best practices and international standards to protect the information assets from threats and to be even more trusted by the clients and society.
- Establishment of the Information Security Management System
According to the definition given in the international standard ISO/IEC 27001:2017, information security is the preservation of the confidentiality, integrity and availability of information.
RPN’s security programme is implemented, monitored, maintained, improved and documented consistently with the purposes of the business. To ensure the highest possible compliance with the security programme, RPN has identified the personnel responsible for implementing the compliance controls in every area of the company.
In order to guarantee the quality and security of the services provided, RPN has designed an ISMS model based on:
- Information security risk management achieved through the application of shared models, referable to recognised international standards;
- Identification of organisational roles and responsibilities specifically involved in ISMS surveillance;
- Continuous information security awareness for all staff;
- Continuous monitoring of the effectiveness and efficiency of the ISMS through the definition of a system of indicators and their periodic measurement.
To meet security standards, RPN uses equipment designed with a high level of security and subject to regular maintenance. To protect the confidentiality of information, internal and external communications are secured with certificates and encryption algorithms. RPN also applies up-to-date IT and OT security methods on an ongoing basis in order to reduce risks and address vulnerabilities, in compliance with the relevant regulations.
- References to regulatory aspects
All relevant mandatory and contractual requirements have been identified by the organisation, and a process has been structured to ensure that:
- Updates to data protection legislation (GDPR, EU Regulation 2016/679) and to the applicable standards (ISO 9001, ISO/IEC 27001) are available to, and known by, management and the competent company functions;
- Appropriate updates are made to operating procedures and company information systems in order to comply with current legislation (compliance).
The RPN ISMS Manager monitors and approves the implementation of regulatory updates within the company.
- Security culture, policy and leadership commitment
RPN is committed to spreading a culture of information security within the company. This effort starts with the definition of roles and responsibilities and the maintenance of awareness. It also extends the company’s security culture to all personnel and third parties (partners, suppliers, customers) through the dissemination of comprehensive, easy-to-understand information security procedures and policies.
RPN Management encourages the development of a corporate culture of information security and is committed to providing the necessary resources for the implementation of an effective and efficient ISMS.
- Risk analysis and management
To ensure continuous monitoring of information security and to keep risks at an acceptable level, RPN has adopted an objective, periodic risk analysis methodology that provides an overall assessment of the information system and ensures that adequate protection measures are selected and maintained.