Smitec safeguards the cyber security of its IOT solutions
Ensuring the safety and privacy of data has become a primary goal for developers of industrial automation solutions. With data communication via Ethernet and and the diffusion of virtual control rooms, industrial devices are prone to be as vulnerable as personal computers.
Smitec uses several technologies to ensure the highest level of cyber security for customers choosing its IOT solutions. In particular, SMYIOT uses an IOT platform, a cloud solution and communication protocols that provide high security standards and constant interventions for their maintenance.
Considering the path that brings the data from the machine on field (4G modem) to the running IOT platform, cyber security is considered satisfied and ensured over time by the choice of solutions such as AWS, AZURE, GOOGLE and ORACLE. Access to the data stored on the IOT platform and the relevant web services is only available to authorized accounts registered in a specific database. Data security and confidentiality are also guaranteed by the use of the HTTPS communication protocol.
Industrial cyber security includes the set of means applicable to factory automation and aimed at making control systems such as PLC, SCADA and HMI immune from cyber attacks. In fact, these are the devices that most deserve attention from companies, being the core of production processes and Industry 4.0.
The cyber security of the path that brings data from the machine on field (4G modem) to the IOT platform running in CLOUD is constantly ensured by the use of reference solutions such as AWS, AZURE, GOOGLE and ORACLE and protected protocols such as HTTPS.
Lawfulness of processing All activities relating to personal data processing shall be lawful (consent, contract obligations, vital interests of the data subject or of third parties, compliance with legal obligations to which the controller is subject, public interest or exercise of official authority, legitimate interest pursued by the controller or by third parties).
Information statement The information statement has been improved and updated to the new regulations (art. 13 and 14 GDPR).
Rights of the data subjects (right of access, right to erasure-right to be forgotten, right to restriction of processing, right to object, right to data portability) Technical and organization measures have been adopted to ensure the data subject's exercise of his rights and to meet the data subject requirements.
Controllers, processors Based on the new principle of “accountability”, SMI Group organization was re-defined, in order to proactively ensure integral compliance with the Regulation. Redefinition of the role of data processors and service suppliers whose activity implies personal data processing.
Risk of data processing; accountability measures taken by controllers and processors (Impact assessment, record of processing activities, security of processing, data breach) The “Conformity document”, including records of data processing activity, plans, adopts and demonstrates all technical and organizational measures taken to adequately perform the data processing activities and specifies the necessary procedures to be adopted to notify data breach.
Transfer of personal data to international organizations Smitec adheres to the general principles and guarantees concerning the transfer of personal data to third Countries.
The Controller is: SMITEC S.p.A. Head office: Via Carlo Ceresa, 10 - 24015 San Giovanni Bianco (BG) - ITALIA VAT nr: IT03790400166 - R.E.A. BG-408704 For further information, write to: email@example.com
According to the European Regulation 679/2016, the data subject is entitled to exercise the rights set forth in the Regulation. The integral version of art. 15; 16; 17; 18; 20; 21; 77 of the European Regulation is attached to this document.
Smitec S.p.A. IVA SMI INDUSTRIES Group Headquarters: Via Carlo Ceresa, 10 24015 San Giovanni Bianco (BG) ITALIA Registered office: Via Monte Grappa, 7 - 24121 Bergamo (BG) - ITALIA VAT: 04471940165 - TAX code: 03790400166 - R.E.A.: BG-408704 Share capital: Euro 200.000 i.v.