Digitalisation and computerisation are among the enabling levers that will allow the Group to grow in line with the objectives stated in the 2030 Business Plan, which envisages a significant increase in investments (around 600 million Euro over the plan period) and operating costs to support the Group’s digital transformation and development process.
In particular, investments will be dedicated to technological initiatives to:
- raise levels of cybersecurity;
- consolidate the transition to a data-driven approach by adopting a new organisational model that supports processes and effective data management;
- consolidate the business continuity strategy, through the progressive divestment of servers in favour of the use of data centres that guarantee continuity, thanks to data centres redundancy, and of the cloud for greater flexibility;
- develop the Internet of Things (IoT) through the use of 5G connectivity (sensor and field data transmission in both plant management and distribution networks) and 6G connectivity (applicability study and preliminary activities). A pilot project is planned in the management of smart dumpster sensors and data transmission of the smart metering network.
Technological initiatives will be integrated by functional initiatives to:
- enable businesses through digital transformation programmes, use of sensors, IoT platforms, wearable devices, predictive maintenance, and creation of customisation programmes for customer offers;
- digitalise processes through warehouse management software, systems for digitalising customer transactions, and integration of digital identity and electronic signature systems.
A number of actions in these areas to improve operational efficiency were initiated and continued in 2021:
- the implementation of efficient management systems for company fleets and personnel processes;
- the introduction of digital tools, such as on-board computers on waste collection vehicles, smartphones and smart containers, which make it possible to optimise plant planning and waste logistics (Just Iren);
- the review and standardisation of the processes and information systems supporting the technical-commercial activities of the management of the distribution networks (Iren Way);
- the redesign of the entire management and customer relationship process (Market Transformation programme).
In telecommunications, 2021 also saw a major increase in bandwidth usage for internet connections, especially to cloud providers. Technological upgrading of the main network nodes was planned and the equipment of the Turin metropolitan network backbone was replaced. The replacement of security equipment with new Next Generation Firewalls was completed, both to improve network traffic control and to comply with new regulations. Equipment upgrades were conducted with the goal of improving performance, cybersecurity, and monitoring, control, and resiliency mechanisms. Finally, new services were tested to make the most of the new technologies implemented: the creation of private networks with SD-WAN technology and experiments to facilitate disaster recovery projects and the cloud-based remoting of data centres.
Particular attention is paid by the Group to activities in the field of cybersecurity, thanks to the definition and adoption of organisational models, procedures, security measures and technological tools to reduce vulnerabilities and mitigate threats.
Given the importance of the issue, the Group has adopted a cyber risk policy that defines the principles, provides guidelines on the subject and outlines roles and responsibilities in order to achieve an adequate level of protection of information, starting with the technical and organisational actions identified that concern:
- identification, classification, and management of information and assets;
- cybersecurity awareness and culture;
- use of computing devices and software;
- access control;
- physical and environmental security;
- communications and systems security;
- information exchange and cooperation;
- cybersecurity incident management;
- relationships with third parties;
- insurance coverage.
Consistent with this approach, the Group works to ensure the design of inherently secure systems, as well as monitoring (24 hours a day) and analysing all cybersecurity events to ensure timely interventions in case of issues. In this context, the National Cybersecurity Perimeter Risk Assessment and Analysis project and an awareness campaign on cybersecurity issues, directed at all employees, were implemented in 2021 (see page 236). In addition, the implementation of an enhanced authentication system for access to systems was completed with the adoption of a tool for the management of privileged users.
The Group has obtained ISO27001 certification and extended it to the main Group companies in 2021, with related risk analysis of IT assets. The certification defines the requirements for setting up and implementing an information security management system.