EY Security

EY Security is an intelligence and risk management company supporting organisations in developing their business.

EY Security offers a wide range of services and products aimed at protecting tangible and intangible assets. We provide innovative technological solutions and advanced consulting services in the field of intelligence, travel security and compliance management.

The team

Fabrizio Santaloja

Fabrizio Santaloja

Managing Partner Europe West Leader and EMEIA Market Leader - Forensic & Integrity Services

Umberto Saccone

Umberto Saccone

Senior Advisor - Europe West Leader Employee & Physical assets (EPA) Security Risk Management

Romolo Pacifico

Romolo Pacifico

Partner Security - Forensic & Integrity Services

Our offering

  • Travel protection & Emergency management​

    We support customers in case of travel to at-risk areas, providing 24/7 assistance and close protection services with global coverage.
    The services provided include:

    • Identification of accommodation facilities where effective security standards are in place;
    • Consultancy and assistance with bureaucracy and banking operations;
    • Crisis and emergency management assistance from local consultants

  • Security management Outsourcing​

    IFI Security provides customers with our expertise to help them outsource corporate security tasks and responsibilities in both formal and operational terms.

    Outsourcing security management allows companies and organisations to:

    • Rely on multidisciplinary skills and ensure optimal crisis and security management;
    • Rely on professionals with national and international experience for organisational, operational and compliance support;
    • Make their internal processes more effective and create a virtuous security management cycle;
    • Reduce costs and tax burdens resulting from the internalisation of security management roles and responsibilities.

  • Security Compliance Assessment & Support

    We check legal compliance to help organisations set effective security management policies in accordance with the law. Our compliance assessment and support services are designed to identify any gaps or, more generally, any opportunities to improve organisational systems and processes and make them more effective. The aim is to ensure compliance with national legislation and international best practices and protect top managements against any legal consequences in the event of adverse events.

    The compliance service consists of two phases:

    • Preliminary business and organisational context analysis, by means of desk reviews and interviews with any managers and executives concerned. 
    • Identifying the main areas of intervention and setting a targeted and effective mitigation strategy.

  • On-site Security Assessment

    We carry out security assessments in and outside Italy. Our approach is in line with the best international standards.

    EY IFI Security’s specialised personnel engages in security assessments at various types of sites (office complexes, production sites, ports, airports, hotels, pipelines, etc.) in and outside Italy, in line with industry best practices and the highest internationally recognised standards.

    The aim of on-site security assessments is to provide a detailed overview of the security status of the assets being examined, with a view to helping employers set effective corporate mitigation strategies and plan risk assessment activities pursuant to Legislative Decree 81/2008.

    The security assessment process consists of the following phases:

    1. Local context analysis
    2. Site description
    3. Threat analysis
    4. Vulnerability assessment
    5. Security risk assessment
    6. Identification of risk elimination/mitigation measures (Mitigation Plan)

  • Security Threat Assessment​

    The planning of travel or activities in complex areas cannot be separated from detailed security context analysis for local business-impacting dynamics to be identified.
    The IFI Security analysis unit draws up specific insights providing a clear picture of the main threats to be mitigated to secure on-site business.
    By means of a database with tens of thousands of georeferenced events, classified according to preset parameters, IFI engages in real-time analysis of the threats.

    IFI Security’s security threat assessments are:

    • Extremely accurate, thanks to extensive local context knowledge and support from our partners and providers;
    • Objective and customer-oriented approach, the result of solid and certified processes.

  • Security Training​

    We make sure personnel operating in high-risk areas are always safe by means of targeted training courses in accordance with the law.

    The courses provide skills to effectively manage security and teach behavioural and organisational rules, in line with applicable regulations and international best practices.

  • Security intelligence

    We support our customers in identifying and constantly monitoring potential threats to their people, assets and reputation.

    The service is based on advanced technological tools. The results of the monitoring process form the basis on which IFI analysts perform periodic assessments for top managements with information on trends and any issues arising during the monitoring activity.

    The main features of our monitoring and analysis service include:

    • Customer-tailored intelligence advice;
    • Accurate and constant monitoring of indexed sources, as well as of the deep and dark web;
    • Regular updates and specific warnings in case of potential significant threats.

  • Sectra 24

    Sectra24® is an innovative travel security platform designed to ensure optimal travel management.

    • Automatic monitoring: Can be supplemented with travel agencies and the main global distribution systems (GDS), featuring real time and automatic monitoring of all personnel movements;
    • Customizable: Is easily customisable and can be supplemented with third-party systems via API and other data import/export methods.
    • Risk indexes: Gives access to constantly updated risk indices (Security; Health; Environmental) for proper travel planning;
    • Risk assessment: Features reports on over 200 countries and dozens of regions worldwide (in Italian, English and Spanish), allowing organisations to inform their staff of potential travel security threats;
    • Real-time Alert: Sends real-time alerts on health, environmental, political and security events (pandemics; terrorist attacks; civil unrest; transport strikes; etc);
    • Multilingual: Is available in Italian, English and Spanish.

    The Sectra24® APP can be downloaded from the Apple Store and Google Play.

  • DERM

    DERM® is EY Security’s command and control platform designed to support organisations in assessing and managing security risks affecting assets and projects in and outside Italy.

    The system combines risk management expertise and specific analysis and intelligence skills. DERM® allows organisations to:

    • Map, constantly monitor and classify all company assets;
    • Assess risk level, in terms of external threats (terrorism, crime, socio-political instability), vulnerability (relating to both security systems and organisational and procedural aspects) and business-impacting issues;
    • Clearly identify roles and responsibilities (hierarchical management);
    • Centralise risk management activities and offer employers a detailed and updated overview of the risks which their companies are exposed to;
    • Support all risk assessment phases, in line with the Italian legislation on health and safety at work (Testo Unico sulla Salute e Sicurezza sul Lavoro).

    The platform, available in Italian, English and Spanish, features a 24/7 notification system for events that could endanger asset integrity and the safety of people, with a view to supporting business continuity and disaster management activities.

    The alerts, that are georeferenced and classified by level of severity, bring security managers up to date with international events, so that they can take targeted and effective actions to protect their assets and people.

    The ‘DERM’ App is available on the Apple Store and Google Play.

    DERM® platform has 2 different modules: TH.E.SYS® (Threat Evaluation System) e VAT (Vulnerability Assessment Tool).

    • TH.E.SYS®

      TH.E.SYS® (Threat Evaluation System) is the tool developed by EY Security – backed by Italy’s National Research Council (CNR) – to objectively and quantitatively assess external threats posed by phenomena including terrorism, organised crime, violent crime, piracy, political instability, corruption and poor human rights protection.

      The system combines quantitative techniques (‘raw data’ processing, standardisation of international quantitative risk indices, etc.) and qualitative analysis carried out by the IFI analysis unit.

      TH.E.SYS® is based on a calculation model measuring country threat, according to the different numerical values ​​expressed by 29 analytical indicators, divided into four different risk groups (terrorism, crime, ethics and politics). The total value is expressed on a continuous scale consisting of 5 ordered alpha-chromatic intervals. The aim is to help decision makers do their job.

      The TH.E.SYS® fact sheets are available for 202 countries and over 100 substate entities (so-called jurisdictions, having different threat levels than the national average or, in any case, distinct political and/or security features), and are available in Italian, English and Spanish.

      TH.E.SYS® is designed to help organisations set policies based on objective parameters to protect and drive their investment strategies and protect their people and assets.

    • Vulnerability Assessment Tool (V.A.T.)

      The Vulnerability Assessment Tool (VAT) provides a deterministic assessment of the gaps affecting active and passive security systems and asset protection policies, reducing human bias and making analysis as comprehensive and standardised as possible.

      Through the operationalisation of standards (IEC and ISO) and international best practices, the V.A.T. system sets, for each of the domains taken into consideration, a benchmark against which to identify and measure any security system gaps. A quantitative approach combining different types of risk in a single process (through a specific standardisation process) makes asset vulnerabilty analysis less fragmented than it normally is.

      The V.A.T. methodology is based on different questionnaires to be used for each section examined (i.e. checklists), with closed-ended questions varying based on the level of threat and the type of asset being assessed. Thanks to checklist customisation, the V.A.T. system provides fact-based and detailed assessments.

      Expressing the vulnerability level of a given asset with a number helps comparison in both synchronous (between multiple assets) and diachronic (for the same asset in two distinct moments) terms. This allows organisations to measure how effective their mitigation policies are and set targeted and objective strategies.

Contact us

Like what you’ve seen? Get in touch to learn more.