We deliver quality services and solutions through accurate preliminary analysis, aimed at tailoring them to meet our customers’ needs and at achieving agreed goals and objectives on time.

Our Services

  • IT Governance

    • Assessment and validation of the internal control system design and effectiveness aimed at safeguarding information systems.
    • Detection and assessment of the risks deriving from internal control deficiencies of the main IT processes.
    • Gap analysis with reference to the international Best Practices (COBIT and ITIL).
    • Definition of recommendations and corrective actions to achieve a level of internal control appropriate for the customer’s needs, including production of the “Internal Control Plan”.
    • Assessment and setting of the automated “configurable” controls of the main ERP applications (e.g. SAP).
    • Support for the collection, evaluation, design, drafting and testing of business requirements of the main ERP applications, in line with main internal control frameworks and best practices.
  • Information & Cyber Security

    • Mapping of the IT assets supporting business processes.
    • Assessment of threats and vulnerabilities associated with IT assets.
    • Assessment of the “Risk Measure” associated with the business impacts.
    • Gap analysis related to the existing security measures.
    • Development of the “Strategic Information Security Plan”.
  • IT Risk Management

    • Implementation of “Enterprise Risk Management” models and procedures.
    • Mapping of both business and information technology processes for the identification of critical activities.
    • Execution of self-assessments with the process owners, aimed at identifying and assessing risks and control activities.
    • Detection of deficiencies in the internal control system and identification of the related corrective actions.
    • Design and implementation of the “Audit Plan” aimed at testing controls deemed effective.
    • Preparation, according to explicit and shared criteria, of the “Action Plan” pointing out recommendations related to the gaps identified.
    • Implementation of fraud risk management models.
  • IT Audit & Compliance

    • Identification of the processes (Business, Finance and IT) subject to regulation, assessment of non-compliance risks and analysis of the internal control system.
    • Gap analysis with reference to the control framework requested by the regulations.
    • Test on detected (existing) controls and implementation of the related Remediation Plan.
    • Remediation Plan effectiveness follow-up.
    • Implementation of a monitoring and reporting system supporting top management’s decisions.
    • Fraud Auditing activities.
    • Audit and implementation of both procedural and IT Segregation of Duties (SOD) models.
  • GDPR related services

    As part of the EU Regulation 2016/679 General Data Protection Regulation, we are able to offer consultancy and technological support:

    • DPO support activities (co-sourcing of the DPO function).
    • Audit on the privacy management system pursuant to EU Regulation 2016/679.
    • Training.
    • Software Solutions – GDPR Platform.
  • Compliance with 262/05 and Sarbanes Oxley Act regulations

    Under the 262/05 and Sarbanes Oxley Act regulations, we are able to offer the following consultancy support:

    • Design and implementation of compliance models and procedures (mapping of Business and IT processes, design of key controls, production of narratives, flowcharts and RACI matrices, drafting of “Test of Design” and “Test of Effectiveness” plans).
    • Execution of controls testing activities.
    • Audit and Gap Analysis of the existing compliance model.
  • Business Continuity

    • Identification and establishment of methodological and organizational frameworks for business continuity management.
    • Drafting of Business Impact Analysis (BIA) for crisis scenarios related to critical business processes.
    • Implementation of the complete set of policies and procedures necessary to ensure business continuity, including operating procedures and the “Control Plan” to assess the effectiveness of technical and organizational measures.
    • Audit on the effectiveness of business continuity plans.
  • Dedalo Academy: Training and Coaching

    We provide customized courses on the following topics in response to our customers’ needs:

    • COBIT™ 5/2019 Foundation.
    • ISO 27001 Lead Auditor.
    • ISO 22301 Lead Auditor.
    • Main international IT Service Management frameworks.
    • Main international project management frameworks.
    • Information Security & Privacy Awareness.

    Dedalo is an Accredited Training Organization (ATO) at APMG-International for the provision of courses and certification exams on the international standard ISO/IEC 27001.

  • Security Operation Center

    Dedalo is equipped with a Service Operation Center to provide services aimed at assessing the IT Security level of our customers.

    Moreover, our SOC provides “Incident Response” services, performing the CSIRT (Computer Security Incident Response Team) function.

Our Solutions


    We are equipped with a remote data collection infrastructure and a Security Consultant team capable of consolidating, selecting, interpreting and correlating the data produced by the Vulnerability Management systems in place at our customers.
    Our Security Operation Center (SOC) monitors the information incoming from the agents installed on the customer’s network. This information is transmitted securely via VPN.


    We have developed the web-based IT solution CR.AA.M. to offer compliance risk assessment and monitoring services. The application, based on web architecture, allows, for example:

    • archiving and consultation of regulations
    • keeping a history of the checks carried out (check-ups)
    • management of compliance check-ups on individual regulatory modules
    • production of graphical and tabular summary and analytical reports
    • production of an executive summary in editable format

    We plan our surveys in synergy with the customer and exploiting the competence of a team specialized in statistics. We develop and implement the latest technological solutions thanks to the support of a CAWI (Computer Assisted Web Interviewing) solutions team. We efficiently test and deploy to production what has been designed, granting effort savings for the Customer who is involved in the results analysis phase only.


    The service is based on the Globaleaks open source platform provided in SaaS (Software as a Service) mode, which allows reports received from employees to be managed effectively and in compliance with regulatory requirements, granting the highest level of confidentiality.
    The platform used is released under the AGPL.

  • GDPR Platform

    The GDPR management platform allows companies to manage all areas governed by the regulation. Its specific features allow the user to:

    • record the data processing activities
    • view the record of processing activities
    • perform risk pre-assessments
    • perform the Data Protection Impact Assessment
    • record violations of personal data (Data Breach)
    • manage communications with the Supervisory Authority (“Garante per la Protezione dei Dati Personali”)
    • archive useful documentation in each production phase
    • monitor data processing activities through multidimensional dashboards
    • extract executive summaries and detailed reports
Dedalo GRC advisory S.r.l. - Largo Luigi Antonelli 9 - 00145 Roma - Numero REA RM - 1536806 - PIVA e C.F. 14662641001