Page 48 - enav_27052016
P. 48

Report on operations

services of the airport in Treviso S. Angelo towards the end of the first semester,
and those of the airport in Brindisi in December. In addition, the taking over of air
navigation services of Rimini Miramare Airport are planned to be taken over by the
Company towards the end of 2016.

Legislative Decree No. 196/2003

In 2015 a document on the subject of minimum security requirements as provided
in the Legislative Decree No. 196 of 30 June 2003 was produced. The document was
undersigned by the Entity that is responsible for the processing of personal data and
it constitutes the minimum level of security that must be adopted to ascertain the
minimum level of protection of personal data in the event of processing performed
with or without electronic means. It contains information regarding the security
measures related to the processing of personal data in the company.
Risk analysis related to ENAV personal data was conducted in the context of the
analysis of the information security risk, as required for ENAV’s conformance with
27001/2006 certification.
The information that is subject to Italian legislation on privacy is assessed under the
Privacy domain using the MAGERIT methodology developed for the Spanish Ministry
of Public Administration in 1997 by the Spanish National Intelligence Centre and the
Spanish National Cryptographic Centre.
In 2015 the Company conducted a focussed analysis on the management of sensitive
data for the purpose of checking the adequacy of the countermeasures applied
within the bounds of the law. No critical issued emerged from the exercise and it was
not deemed necessary to issue any recommendations in this domain.
During the year, activities incumbent on the Company were carried out as provided
in the 2015 Risk Treatment Plan.
For the purpose of producing repeatable results that are compatible with the levels of
Quality and Safety as required by the existing Company Certifications (ISO 9001 and
ISO 27001), a document was prepared with an analysis of the functional requirements
that are useful for setting up a privacy procedure related to the application of the
Legislative Decree No 196/03 in ENAV.
In concert with the Management Information Systems and the Security Departments
and as required by Italian law, security measures to protect personal data were
constantly monitored. Such security measures are listed in a System of Rules of
the Security Management System that is constantly and contextually checked and
updated.

                                                                                                        ENAV - Annual financial report 2015 47
   43   44   45   46   47   48   49   50   51   52   53