
Organizations must therefore adopt solid management systems, preferably ones that are internationally recognized and certified under accreditation, so as to raise the overall level of cybersecurity and contribute to building a safer and more reliable ecosystem.
UNI/PdR 174 on management systems
To counter cyber risks, the UNI/PdR 174 Reference Practice was created, promoted by Accredia in collaboration with the CINI Cybersecurity National Lab (National Laboratory for Cybersecurity of the National Interuniversity Consortium for Informatics), UNINFO and other institutional actors.

“With UNI/PdR 174, we help companies improve their ability to protect against and react to cyber attacks. By simplifying and optimizing the work of organizations, internationally recognized impartial solutions are provided through the adoption of a management system,” says Ruggero Lensi, UNI General Director.
One of the key elements of the practice is the creation of a Cyber-Information Security Management System (C-ISMS), a management system that combines the principles of comprehensive information security with a dynamic approach capable of effectively addressing the increasingly rapid changes in cyberspace scenarios and the evolution of cybersecurity threats.
The C-ISMS thus provides a methodological framework that allows companies to improve their ability to protect against and react to cyber attacks.
ISO/IEC 27001 and the NIST Cybersecurity Framework
“UNI/PdR 174 achieves the goal of harmonizing the already certifiable requirements of the UNI CEI EN ISO/IEC 27001:2024 standard with the objectives indicated by the NIST Cybersecurity Framework (CSF),” underlines Alessandro Armando, Director of the CINI Cybersecurity National Lab and president of the Scientific Committee of the SERICS Foundation.

“This is an important result – he continues – because, despite being the main reference tools in the sector, the standard and the framework have approaches that are not easily superimposable and different ways of using them. UNI/PdR 174 therefore responds to a need that is very much felt by organizations today.”
For organizations that already use the Cybersecurity Framework of the National Institute of Standards and Technology (NIST) for self-assessment, the practice is a practical tool to size the effort needed to start an accredited certification path; for those that are already certified, it helps align their cybersecurity and information security management system with the objectives set by the Framework.
The accredited certification
“The possibility of obtaining an accredited certification represents an added value, because it ensures compliance with international standards and an objective guarantee on the quality and effectiveness of cybersecurity management,” explains Filippo Trifiletti, General Director of Accredia.

“Adopting UNI/PdR 174 on cybersecurity for companies – he adds – means choosing a path of excellence and innovation, consolidating one’s position in an increasingly demanding market in terms of data protection and digital resilience.”
ISO/IEC 27001 is prescriptive about the management-system requirements an organization must adopt, and it demands the same rigour in selecting the operational controls of Annex A on the basis of the risk assessment.
By contrast, the NIST CSF offers a more flexible approach that lets organizations tailor their cybersecurity strategy to their own risk profile.
Bringing these two references together allows for a more effective and structured information security management system, capable of delivering concrete advantages to those who adopt it.
The advantages for companies
The adoption of UNI/PdR 174 offers numerous benefits to organizations, including:
- demonstrate greater reliability and transparency towards customers, partners, suppliers and stakeholders, strengthening the trust and reputation of the organization
- access new market opportunities where high standards of cybersecurity are required
- for organizations operating on a global scale, reduce the risk of having to implement a different standard for each target market, simplifying the compliance process
- increase operational efficiency by reducing management fragmentation
- optimize resources, focusing on the most critical vulnerabilities and implementing adequate controls efficiently.

(Source: https://www.accredia.it/ )