
Cybersecurity

Introduction

ISEO, designated as an Essential Entity under the NIS2 Directive, regards information security as a strategic pillar to protect customers, partners and stakeholders. Our Governance, Risk & Compliance (GRC) framework is based on the NIST Cybersecurity Framework (NIST CSF), the Italian National Framework for Cybersecurity and Data Protection (FNCDP), and ENISA guidance. It is coordinated by the Corporate Information Security Officer and keeps our ISO/IEC 27001:2022-certified Information Security Management System (ISMS) aligned and compliant with NIS2 requirements and, where applicable to our market and to customers’ supply chains, also with DORA. We additionally consider the main relevant European acts (e.g., CRA, CER, Data Act). We operate with a structured approach grounded in risk management, resilience and continuous improvement.

Confidential information

We value our customers and pursue long-term relationships. As an NIS2 Essential Entity, we must act in accordance with European directives: the sharing of confidential information is strictly prohibited, for the protection and benefit of our customers.


Governance and roles

ISEO’s security governance rests on clear roles and responsibilities aligned with European requirements. The Corporate Information Security Officer serves as the official Contact Point with the Italian National Cybersecurity Agency (ACN), coordinating incident notifications and formal communications. The Board of Directors retains ultimate accountability, ensuring that security is embedded in strategic and business decisions.


Progress and continuous improvement under NIS2

Completed initiatives include ISO/IEC 27001 alignment and certification, policy modernization, reinforcement of Microsoft 365 and the perimeter, the appointment of a dedicated Corporate Information Security Officer and the creation of a specialized team for infrastructure and product security. Ongoing improvement covers the implementation of a SIEM with 24/7 SOC coverage, recurring vulnerability assessments, monthly penetration tests, and threat intelligence. These activities confirm ISEO’s long-term commitment to enhancing its cybersecurity posture under the NIS2 framework.


Conclusions

As an Essential Entity under NIS2, ISEO maintains compliance with European security and resilience standards. This confirms ISEO’s role as a trusted partner for protection, continuity and resilience.