Information security


In its capacity as the TSO, Terna possesses confidential data of the users of the transmission and dispatching services – in particular electricity producers and traders – in its database.

Considering the significant commercial value of this information, Terna uses the best practices for protecting confidential data to prevent the information in its possession from being accessed by or communicated to third parties that are not entitled to them. The same is true of the data collected from the companies concerned to produce the industry statistics, a task performed by Terna as part of the National Statistics System.

To further improve the reliability of its database, in 2008 the Company implemented the Disaster Recovery project, which provides it with a clone infrastructure that is activated in the event the IT infrastructure containing critical information fails.

The level of protection of information and the IT systems was raised in 2009, thanks to the first results of the programme for improving information security governance initiated by Terna in 2008.

In particular, with respect to the regulations on privacy, in 2009 the Company created an e-mail address to which people who wish to exercise the “Right to access personal data and other rights” can turn.

As far as companies and others in the industry authorised to access certain specific corporate applications are concerned, in 2009 Terna began the distribution of new authentication instruments, i.e. digital certificates issued by the Company’s public key infrastructure. As a Certifier, Terna is authorised to issue digital certificates, which enable it to improve the protection of the data entrusted to it by the issuers of the transmission and dispatching services and with it trust in Company-customer relations.
The 231 Organisational Model adopted by Terna was supplemented to introduce measures against new kinds of crimes, such as IT crimes and the illegal processing of data in an electronic format.

Neither in 2009 nor previously were there any complaints regarding the violation of privacy or imprudent use of data of network users.