We give emotions
since time immemorial.
Endless attention
for every detail.
Looking at
the future.
Looking at
the future.
Achieving ISO/IEC 27001:2022 certification has been a journey that required the implementation of 93 organizational and technological controls appropriate for risk assessment.
Here you will find some information related to this achievement, which is just the beginning of a path that we want to pursue with determination and transparency.
INFORMATION MANAGED BY ALPITOUR S.P.A.
The information that Alpitour S.p.A. manages is of various types and covers different aspects of the company's operations.
The Information Security Management System (ISMS) ensures that this information is classified and managed in a way that access is properly restricted to authorized individuals only, ensuring its integrity and timely availability when it is necessary to use it.
The main categories of information within the corporate perimeter of Alpitour S.p.A. concern, for example, customers, collaborators, distribution channels, tourism and non-tourism suppliers and various types of consultants
THE THREE PILLARS OF SECURITY
To achieve certification, the Information Security Management System must ensure the protection of information along three fundamental pillars, summarized by the acronym CIA, which stands for:
Confidentiality: Information must be accessible only by authorized individuals.
Integrity: Information must not be altered or deleted, either accidentally or maliciously.
Availability: Information must be available to authorized individuals at the time it is needed.
CERTIFICATION PATHWAY
The organization that conducted the official audit is BM Certification, which will accompany Alpitour S.p.A. for the entire duration of the certification by performing surveillance audits on an annual basis.
Like all similar certifications, ISO 27001:2002 is just a starting point to ensure maximum security for all those interfacing with Alpitour and will be developed and maintained over time.
