Protecting corporate data means protecting a company's know-how, experience, history and competitive advantage.

The exponential growth of information to be managed and its ever-increasing criticality require a structured and professional approach to backup and protection issues in order to minimize operational risks while maintaining a high focus on investments and available resources.

We make our expertise available for the identification, definition and implementation of the most suitable backup and data protection solutions in order to ensure their integrity, availability and confidentiality.

We accompany companies in the definition of:

• Needs and requirements analysis.
• Appropriate data protection, protection, backup and archiving logics.
• Planning, scheduling and retention policies required by the organization and its work processes.
• Replication/remoting of backups to geographically distinct sites.
• Efficient compression, deduplication, encryption and transmission methods.
• Safekeeping of data and media in secure environments (cloud, physical, on-site, off-site).
• Definition of recovery metrics and requirements.
• Specific virus/malware/cryptolocker protections.
• Long-term archiving.
• Disaster Recovery/Business Continuity plans.

We propose firewalls/perimeter security solutions based on the most innovative technologies, commercial or open-source, that guarantee a high level of network protection against intrusions, unauthorized connections and cyber attacks.

The proposed solutions:

• Are extremely flexible and allow extensive customization (access policies, network/service segmentation, exception management).
• They allow shared, profiled (through the assignment of specific policies for the types of corporate users), optimized and protected Internet access, also with the help of content-filtering systems to protect browsing.
• They allow VPN (Virtual Private Network) to be configured both in point-to-point mode (for connecting the LANs of different locations) and in smart-working/teleworking mode.
• They provide for a simple and comprehensive administration and management web console.
• They offer consultation of advanced statistics.
• They integrate with existing systems, improving their security and safety.

Any endpoint device - PC, smartphone, tablet - capable of connecting to a corporate network poses a potential threat to data and systems security.

We provide and configure comprehensive and effective solutions under all operating conditions to ensure the highest level of protection of data, systems and users.

Solutions can be delivered both on-premise and cloud-based and integrate EDR systems, which enable real-time monitoring, detection and response to the most advanced threats and attacks.

We offer data protection and protection services with a focus on enterprise mail systems to protect systems and users from possible attacks and intrusions. We use innovative state-of-the-art content-filtering/antivirus/antispam/backup and archiving systems that we configure, manage and monitor on behalf of our clients.

The configured protection systems are completely transparent to mail flows and enable optimal and secure management of traffic volumes in transit on customer systems, whether cloud or on-premises.

The service is profiled to specific customer requirements.

We develop Disaster Recovery plans aimed at ensuring, through the adoption of suitable technological measures and appropriate organizational processes, the possibility of restoring business information systems even in the face of force majeure events.

A Disaster Recovery plan defines and collects all the measures taken, including the technical procedures necessary to replicate data and applications in a secure environment, which can be activated in the event of a major incident/compromise/unavailability of production systems. The introduction of a Disaster Recovery plan: 

• Minimizes operational risks.
• Enables alignment with compliance requirements.
• Improves corporate reputation.
• Is preparatory to the establishment of a comprehensive and effective business continuity plan.

We offer consulting for the definition and implementation of Business Continuity Plans aimed at ensuring business continuity of the company in the face of force majeure events.

We identify needs, potential risks, and critical issues in business processes and develop a contingency plan that:

• Enhances the organization's ability to respond and adapt in the face of disastrous events.
• Ensures that the company can continue to operate in the face of the sudden unavailability of data, services, applications or infrastructure, according to the logic defined in a Disaster Recovery plan.
• Guide choices in the event of a crisis.
• Minimize outage times.
• Ensures the effectiveness of recovery procedures.
• Provides for stringent and predetermined RTO (Recovery time Objective) and RPO (Recovery Point Objective).

We offer support and advice to companies that need to adhere to compliance standards, regulations and standards.

We are qualified partners to audit, analyze, define and implement the following regulatory frameworks, regulations and best practices:

• EU 2016/679 - General Data Protection Regulation (GDPR).
• Legislative Decree 231/01 - Discipline of the administrative responsibility of Entities.
• Legislative Decree 56/04 - Prevention of the use of the financial system for the purpose of money laundering.
• ITIL Framework.
• Isaca – IT Audit Framework.
• ISO 9000:2015 - Quality management systems.
• ISO/IEC 27001 – Information security management.
• ISO/IEC 20000-1:2018 - Information technology — Service management: management systems.
• ISO 22301:2019 - Security and resilience – Business continuity management systems.
• Cybersecurity Framework Version 1.1.
• PCI/DSS - Payment Card Industry Data Security Standard.
• SOX - Sarbanes Oxley.
• Solvency II.

In a global context in which access to information must also be guaranteed and protected for those who work on the move and with different devices, we propose solutions that allow all users to operate on company data and systems in a secure and high-performance way.

The access, authentication and profiling systems integrate with the client's information systems (Microsoft Active Directory | Azure AD | Google Cloud | LDAP); they are reliable, secure and scalable, use the latest technologies, are centrally manageable with ease and offer the following features:

• Multi Factor Authentication (MFA).
• One Time Password (OTP) via Authenticator App/SMS.
• Single Sign On (SSO)
• Access via security certificates.
• Biometric systems management.
• Integration via SAML protocol.
• FIDO (Fast IDentity Online) | FIDO2 support.
• Windows Hello for Business.
• Monitoring and reporting.

Proper digital information management involves the definition and adoption of appropriate data deletion procedures.

Every device, every storage medium, even if no longer functioning or decommissioned, may contain confidential information that must be removed for the purpose of compliance with the latest privacy and security regulations and adherence to the most popular information management and security frameworks (GDPR, SOX, ISO27001, PCI-DSS, HIPAA).

We manage secure data erasure and destruction procedures on all types of media/devices, ensuring:

• Documented and certified procedures.
• Detailed reporting.
• Compact and secure logistics management, on-site and off-site.

In relation to the application of the new European GDPR (General Data Protection Regulation- EU Regulation 2016/679), in force since May 25, 2018, the need for rigorous tracking of digital identities becomes increasingly evident.

Certification, by means of digital signature with legal value, of the identity of the signer of a document is among the tools whose application will have to become increasingly widespread within public and private business realities.

For this reason Sinapto has chosen to become a partner of Aruba PEC S.p.A. and provide the remote digital signature service. As part of the partnership Sinapto has achieved certification for O.D.R. (Operator of Registration) operators.

The service can be integrated within all software made and provided by Sinapto.