Академический Документы
Профессиональный Документы
Культура Документы
Written by Date
Giampiero Astuti 24 March 2017
Company Version
Astaldi SpA Draft
Contents
1 INTRODUCTION 5
7 HUMAN RESOURCES 9
7.1 INTRODUCTION 9
7.2 ORGANIZATION CHART 9
7.3 GROUP CIO 10
7.4 IT PROJECT LEADER 10
7.5 IT BUSINESS ANALYST 11
7.6 SOFTWARE DEVELOPER 11
7.7 SERVICE DESK 11
9 IT VENDOR 34
9.1 VENDOR MATRIX 34
10 IT STANDARDS 35
10.1 HARDWARE AND SOFTWARE 35
10.2 FORMAT OF FILES 35
12 IS PROJECTS 37
12.1 IS PROJECTS FOR 2014 37
12.2 IS PROJECTS FOR 2015 38
12.3 IS PROJECTS FOR 2016 39
13 APPENDIX 40
13.1 APPENDIX A: GLOSSARY 40
13.2 APPENDIX B: LIST OF ALL SERVERS INSTALLED IN THE CORPORATE INFO-CENTER 41
13.3 APPENDIX D: LIST OF CORPORATE SYSTEMS BY COUNTRY 42
13.4 APPENDIX E: DATA-FLOWS 42
13.5 APPENDIX F: LIST OF IT STANDARDS 45
13.5.1 HARDWARE 45
13.5.1.1 Server 45
13.5.1.2 Networking 45
13.5.1.3 Personal Computer 45
13.5.1.4 Printers and Plotters 45
13.5.1.5 PABX and telephone set 46
13.5.1.6 Cellular phone 46
13.5.2 SOFTWARE 46
13.5.2.1 Operating System (SO) 46
13.5.2.2 Business Applications 46
13.5.2.3 PC related software 47
13.5.2.4 Technical Business Applications 48
13.5.2.5 IT Security 48
13.5.2.6 EDMS and e-collaboration 48
13.5.2.7 Data Base Management Systems 48
13.5.2.8 Tools 48
13.5.2.9 Software Development 49
13.6 APPENDIX G: PABX NETWORK DIAGRAMS 50
1 INTRODUCTION
This document describes the whole Information System of the Astaldi Group for what refers to:
Organisation;
Processes;
Technologies.
7 HUMAN RESOURCES
7.1 Introduction
In the frame of the Matrix organization of the Group, all worldwide IT people in the Group report
to the CIO.
G. ASTUTI
(Group CIO)
Corporate IT Infrastructure Corporate Business Analysis Corporate Application Develop. Local IT Organiz.
Italia
Infor
A. Sorrenti (Max Italia) C. Aggravio S. De Giorgi A. Valente F. Salerni
Finance
In-house Dev
A. Remigio (Media Point) C. Picchi (Infor, 80%) M. Quaglieri (Romana Inf.) W. Alcrow
Distribution
Estero
G. Paduano L. Pariboni E. Fernandez
S. Lenzi (50%) ….
Software
In-house
Tagetik
Cert.El.
eRoom
Mobile
Phone
Piteco
Vision
Client
Mana
PEC e
Baan
Persona EAM
Alessandro Sorrenti X
Andrea Remigio X
Caputo Simone X X X
Carlo Pieragostini Finance X X
Carmen Picchi Finance
Claudio Aggravio Fin. + SW Dev. X X X X X
Claudio Cacciotti MetroC MetroC MetroC
Claudio Cretaio X
Giancarlo Menna X X3 X
Gianni Paduano X
Luciana Pariboni Distrib. X
Marco Bianchi Proj + SW Dev. X X X
Matteo Quaglieri X X X3 X X3 X
1
Here is the meaning of each color used in the picture:
Green = permanent employee
Red = IT consultant (the name of the supplier and the % of allocation is also indicated)
2
The picture just includes IT people working in Rome
Human Res.
Sharepoint
IT infrastr.
Software
In-house
Tagetik
Cert.El.
eRoom
Mobile
Phone
Piteco
Vision
Client
Mana
PEC e
Baan
EAM
Persona
Rito Ricciardi X
Roberto Cernosick Distr. + Sw Dev. X X3 X
Silvia Caramazza Project X X
Stefano De Giorgi SW Dev. 3 SW Dev.
Stefano Lenzi X
Figure 4: Functional allocation of each IT personnel
3
Effettua anche i rilasci degli oggetti in produzione
Preparing requests for proposals and conducting all necessary meetings to facilitate selection of
project services and products;
Planning and overseeing the preparation and dissemination of project communications
8.1 IT Security
Astaldi has released a specific Policy (POLc-AST-SI-001) in order to ensure a standard and correct
use of all devices/systems and improve IT security.
In the following paragraphs will are going to describe all main aspects.
8.1.5 IT guidelines
Here are the main technical and organizational characteristics:
Policy for the management of user profiles:
User profiles are managed using SOP PO-AST-SI-008;
Passwords:
They must be composed by at least eight characters;
They should contain at least three of the following group of characters: Numbers, uppercase
letters, lowercase letters and special characters;
They should be changed every ninty days;
They should not contain the last five passwords;
They should not contain part of the user name
User profiles is disabled if a wrong password has been entered for five consecutive times.
Request for changing ACL:
ACL are changed based on a written request of the Process-Owner
Access to network folders:
Only the domain administrator can change this privileges;
every request should be fully documented;
No folders can be created with a written privilege for all users;
Mailboxes:
Each mailbox should be accessed only by the mailbox owner;
Each user can request (creating a Service Desk ticket) to forward its own mails to another
account;
The system is protected against virus and Spamming4;
Virus e Spy-ware:
The anti-malware systems have to be updated at least twice a day;
Each system has to be automatically updated;
Internet surfing:
A specific web blocking system (websense) has been implemented;
Specific antivirus has been enabled;
A specific Automatic Intrusion Detection (with logging) has been enabled;
Period Audit Trails are managed periodically.
We use the “Group Policy Manager” of Microsoft Active Directory to set-up the security policies
and the Audit Trails.
8.2 Info-Center
8.2.1 Introduction
The Central Information Centre is located at the Astaldi Headquarters in Via G.V. Bona. No. 65
Rome.
All main systems are backed up for maximum security.
4
We are currently using Microsoft Office365 Antispam technology
These UPS ensure about 30 minutes of autonomy and throughout this period the generator with a
200 liter tank capacity takes over.
The generator has sufficient capacity to supply electricity to the whole data center for one day.
8.3 Telecomunication
8.3.2 Internet
The internet service has been implemented using two Internet lines:
200mbps fiber optical connection provided by Infracom
100mbps fiber optical connection provided by BT (back-up of the first line)
5
In some cases, a VPN tunnel has been implemented using Watchguard firewall in order to improve IT security
8.3.3 WiFi
In the Corporate building in rome we have also implemented a wifi based on HP technology.
The following services are currently available:
Astaldi_utenti: to be used by all internal PCs;
Astaldi_mobile: to be used by all internal smartphone;
Astaldi_guest: to be used by guests;
Astaldi_Auditorium: to be use in the Auditorium;
Astaldi_Sale Riunioni: to be used in the new conference rooms.
8.4.2.1 Introduction
A local provider has been selected in each country for getting this service.
In Italy, we are using Fastweb since 20046.
Currently, we are using the following models:
New implementations: Voice-over-IP
Old implementations: PSTN
6
Some old phone lines will still be provided by Telecom Italia for several reasons.
The system allows us to monitor the status of each users on the entire IP network;
A global directory system is used;
In 2010, we decided to purchase Cisco for all new phone environment7.
In 2015 we migrated the Coporate PABX to Cisco. Several Italian sites/job sites are now using it
without a local PABX.
Please check “Appendix G: PABX network diagrams” for more information about the PABX
network.
7
The first project that has adopted Cisco has been Metro-5 in Milan.
8
The detailed document is available here
9
Specifically, Board members, CEO, President, etc.
8.5.5.1 Introduction
The Project Module of Baan is the software of reference in the Information System for all activities
of Planning, Cost Control, Quantity Survey and generally for the Management of a Project.
Astaldi has implied many resources to cover all requirements; the result is the realization of an
integrated system, based on the best available standard packages and tailored in order to satisfy all
needs of big Italian and International Construction Projects.
The documents must be digitally signed using a smart-card Actalis: after that they are sent to the
partner for the digital storage.
The system allows access to all the documents filed at this address: https://postedoc.poste.it
As a result, Tagetik improves visibility and transparency, of the financial, statutory and management
consolidation process, shortens closing and reporting cycles, supports requirements of regulatory
changes and manages multiple accounting standards, reducing Total Cost of Ownership (TCO) and
cycle time of the entire consolidation and reporting process.
Financial, Statutory and Management Consolidation features and benefits include:
Chart of accounts and rules: Define control groups between main accounts and related
details/variations to be displayed in reports.
Legal entities & hierarchies: Define legal entities and reporting units, and set unlimited
hierarchies to support complex ownership requirements.
Legal structure: Conduct event-based management of the history of your legal structure
(% of ownership, financial investments variations, net equity variation) by period,
managing multiple scenarios (holding and sub-holding levels) and consolidation rules.
Currency conversion: enter or load data in virtually any local currency and easily see
currency and exchange rate differences and impact on consolidated actuals.
Accounting principles: Generate multiple, simultaneous consolidations for U.S.
accounting standards (GAAP), XBRL, and International Financial Reporting Standards
(IAS/IFRS) from a single data source without having to run multiple consolidations.
Decentralized web intercompany (IC) matching process: Define groups of accounts for
intercompany (IC) matching with relative reconciliation accounts, thresholds and
graphical web dashboard for matching between entities from within a built “IC Cockpit”.
Full auditability: Ensure complete data traceability from ERP to final reporting and
disclosure, with automatic financial intelligence, powerful controls and validations, and
detailed audit trails.
Automatic/manual data collection: Gather data, do intercompany (IC) matching, create
pre-consolidation adjustments, add manual entries and monitor approvals workflows for
each phase all in a single solution.
Controls and Diagnostics: At each step of the process from data entry to consolidation
and reporting, by using automatic financial controls, validations checks, and balances.
Powerful reporting: Manage all financial reporting requirements, including pre-built logic
for credit/debit signs, double-entry logic for creating cash flow statements, automated
rounding and scaling, and drill-down capabilities for reporting and analysis at all levels
of detail.
Segment reporting: Aggregating data “on the fly” by defined segment structures
allows for simulation and ad-hoc analysis without frequent consolidation. Designed
to allow autonomy at the segment level while meeting corporate requirements.
Tagetik has been upgraded to version 5 in October 2015. By the end of the year, the following two
improvements will be implemented:
Publish Tagetik service to Internet in order to avoid the use of VPN (done in December
2015);
Replace its own users profiles with the Active Directory ones in order to avoid double
profile management.
It is possible to group all sorts of information by using some drivers, such as WBS structure and
others that will be defined case by case. Several reporting tools are available, such as the “pivot”
mechanism inside the system, based on an “excel-like” interface, and some printouts that can be
directly settled by the user according to category, type of data and desired layout.
The system is used in the Astaldi Rome Headquarters and is starting to be diffused also abroad
among all Astaldi’s International Branches with a web access.
8.5.12.1 Introduction
The use of ECMS (i.e. an information-technology system exploiting the Internet standards to enable
groups to communicate and collaborate more effectively, irrespective of their physical location and
time zone), provides considerable advantages to the Group.
Our business sector presents a remarkable number of entities having the following characteristics:
being distributed over a geographical area;
belonging to different companies;
taking part in the activities of execution of the works at different points in time (time asynchrony);
heterogeneity of roles.
Therefore, information-technology coordination procedures are actually required in order to better
organize the operational-managerial activities carried by any of the entities involved.
In order to improve the efficiency, productivity and flexibility of such a complex organizational
structure, it has been deemed advisable to implement a collaboration environment enabling people
to communicate, to share ideas, documents and processes between them. The coordination between
the various entities is, therefore, ensured by both the use of a Web-based instrument and by
automated work-flow processes managed by the system.
The system has the typical characteristics of e-Collaboration tools:
Open system: The portal is based on standard architectures allowing it to easily integrate with any
information-technology infrastructure.
Scalability: The Platform selected, specifically designed for decentralized companies, allows to
flexibly fit the project's varying dimensions in order to more effectively manage the ever-
increasing volume of contents, heavy traffic loads, the increasing number of users and complex
work-flow processes, while preserving system's high-end performance.
Safety: The system, enabling to restrict the access to information and services, allows
organizations to make their contents available to a wider range of collaborators, so as to keep the
security of proprietary information unprejudiced. All the data stored in the repository are fully
protected by a specific ACL (Access Control List).
Integration: The system, by being able to manage any type of content, allows to integrate in its
own platform structured/destructured data originating from almost any source.
Effectiveness of presentation: Each user has access exclusively to the information/services the
same is authorized to
Multilingual support: The system is provided with a multilingual interface
Support to the most important market standards: The system supports all the most important
market standards (browsers, HW and SW platforms)
8.5.13.1 Introduction
Me, presently available only for Italian employees, is the access point to specific applications and
data such as:
Global Address book;
Payslips;
Request of absence;
Mobile traffic.
The portal is based on a Document Repository including both structured and destructured contents.
8.5.14 HR Management
8.5.14.1 Introduction
The Management of Personnel is ensured by four applications providing the following functions:
The management of pays and the fulfilment of law obligations connected therewith;
The management of human resources;
The management of accesses (Badge);
The collection of data from peripheral units and the feeding of the same to the two applications
mentioned above;
Management of Business Travels and Bills of Costs
The contractual data of the main collective labour contracts are pre-loaded by the software supplier
and may be used and customized by the user in order to adjust the same to the latter's requirements,
thus facilitating the system implementation process.
Moreover, all the social security and mandatory insurance contribution percentages due to the
various institutions, the amounts due according to the various laws (family allowances, tax
allowances, etc.), tax and contribution exemptions (business travel allowances, tickets, etc.), the
parameters necessary to determine applicable percentages (severance indemnity revaluations,
IRPEF tax brackets, etc.) are already loaded in advance, including any other thing as provided for
by the laws in force.
The variable entries of the pay bill relating to the payment of overtime work, additional amounts,
supplementary pays and anything provided for by the contract are already set in advance on the
basis of the laws applicable to labour contracts.
The user may modify and update all the existing parameters and information so as to customize the
system according to its specific requirements or as may be required by amendments to the contract
or to the law.
Prior notice of any change resulting from the employee's career advancement in terms of position,
grade, wage/salary increase and detachment (transfer to a new office, relocation), promotions
affecting his/her conditions may be given to the personnel master records by providing the data and
information required to automatically take into account such changes in due course.
The monthly input of payroll data may be managed manually, by entering the data in the presence
calendar, or automatically by means of a connection with remote attendance-detection systems
reading the data stored on a magnetic carrier.
The payroll process, further to determining the amounts due to each member of personnel, also
determines the amounts to be allocated to provisions for deferred remuneration relating to additional
pays, bonuses, leaves, abolished public holidays, reduction of working hours.
Social security and mandatory insurance contributions, taxes, etc. are thus calculated.
The corresponding cost of personnel attributable to contribution is also determined as percentage to
be borne by the company and by the member of personnel.
All such data are a very important source of information for subsequent statistical studies,
accounting registrations, determination of costs and definition of budgets.
Moreover, the system is able to store data by date and to make them available any future check as
may be necessary.
During 2014 started a project whose target was the comprehensive review of all activities related to
the processing of payrolls and salaries. The scope was to migrate to a new software (Zucchetti) and
give in outsourcing most of these activities, reducing the number of people dedicated to this work.
Partners selected for outsourcing were Deloitte for the Operations about payroll management and
Zucchetti as software solution.
The project, completed in 2016, has assigned the following activities to the Human Resource
Department:
Update of all the basic data information in Zucchetti;
Collection and submission of monthly data information to Deloitte, through software developed
in house;
All relationships with social security institutions and heath care.
All control activities are performed by the outsourcer.
Starting from November 2013 the system has been migrated progressively on an outsourced solution
produced by Contur called TravelMatic.
We also proceeded to review the process and its Travel Policy (regulated both by the operating
procedure PO-AST-DRU-002).
The new model has been extended in 2014 to almost all Italian companies.
8.5.19.1 Exchange
In 2013 we completed the centralization of all email systems of our controlled companies to the
Corporate data center10.
In October 2015 we completed the migration of all mailboxes (around 3.200) to Microsoft
Office365.
In order to simplify the management of Corporate user profiles and all related mailboxes, we defined
the following structures:
10
In 2016, there are almost 3.500 active mailboxes on our Corporate email system.
@sartoritecnologie.it
@metrocspa.com
@groupeteq.com
@btctunnel.com
@sirjoscpa.com
@3esystem.it
@astaldi.com
@nbispa.com
@cosat.eu
@scl-cjv.cl
Amministratore IT Based on
Bendouha Zouheir Algeria Algeria
Alcrow W. Canada Muskrat Falls (Canada)
Fernandez E. Canada Canada - Montreal CA
Hernandez Heber Chile Chile
Riquelme Carlos Chile Chile
Faviere Giandomenico Italy Italy All All All
Boraggini Alessandro Italy All All All
Cacciotti Claudio Italy Italy
Cretaio Claudio Italy All All All
Remigio Andrea Italy All All All
Ricciardi Rito Italy All All All
Sorrenti Alessandro Italy All All All
Contreras Miguel Peru Peru
Biczyk Hubert Polond Poland
Danciuc Marius Romania Romania
Morales Ivan Salvador Center-America
Yasar CULHAOGLU Turkey Turkey
Colby Richards USA USA
8.5.19.2 Sharepoint
In October 2015, we started a project for migrating all on-premis sites to the Cloud.
8.5.19.4 Skype
We are currently using Skype for handling the online presence, instant messages and VOIP phone
conversation.
In spite of some technical limits, we are evaluating the migration of Skype Consumer to Skype For
Business in Office365.
The following figure shows all data interactions between all implemented systems11:
11
Systems in the clouds are represented in yellow
9 IT VENDOR
High
Dell Microsoft
Total IT yearly Cost
Infor
Medium
Vodafone
Ricoh Max-Italia
Fastweb Piteco
Cisco Talentia
Travelmatic Qlik Tagetik
Symantec Gartner
Oracle
Low
10 IT STANDARDS
11.1.1 Introduction
Considering the role of the IT, it is clear that the IT support has to be efficient and effective.
The aim of this service is to:
Minimize the number of IT issues that can reduce the effectiveness of our users;
Resolve as soon as possible issues related to Hardware, Software and lines.
11.2 IT Training
Considering the huge number of IT services, users and geographical locations, IT training is one of
the most critical success factor.
Education and training are not only a profitable investment on the human component of the
company, but also an essential tool for professional development, especially when we introduce new
technologies or reengineer our processes.
Training allows us to update employees’ knowledge both from a technical and methodological
point-of-view.
Training programs should also include a training-on-the-job activity in order to consolidate the
concepts.
12 IS PROJECTS
Upgrade of Talentia to the new version and reengineering of the Work Force Planning
and Performance Management processes;
Roll-out of Talentia to Romania;
Roll-out of the Enterprise Asset Management to Canada;
Implementation of the Landesk Service Manager Suite to the Group for manaing all IT
requests;
Electronic invoicing System for the main italian counterparts;
Roll-out of Piteco to USA, Canada and Poland;
Implementation of the new firewall systems (Palo-Alto) for improving IT security of the
Corporate data-center.
13 APPENDIX
Disaster Recovery
COUNTRY WHERE THE SOFTWARE IS IN USE
On Internet
Active Dir.
Owner
SYSTEMS
Venezuela
Nicaragua
Honduras
Costarica
Romania
Salvador
s. Arabia
Bulgaria
Canada
Poland
Algeria
Turkey
Bolivia
Russia
Oman
Qatar
Chile
Peru
Italy
EAU
USA
Act. Direct. C D D D Si AS Si
Antivirus C Si AS
AstaSW C C C C C C C C C C C C C C C C C C C C C Si GM Si
Baan C C C C C C C C C C C C C C C Si SD Si https
Bloomberg O Si AR Si
BravoSol. O Si AR Si
Talentia 2012 2016 2013 C 2013 2013 2014 2015 2014 2016 Si MQ Si https
G.Ledger D D D D D D C D D D MQ
eRoom C C C C C C C C C C C C C D C C C C C C Si RC Si http
E.P.Prot. C AR
File Sys D D D D D D D D D D D D D D D D D D D D Si AS Si
FinCad S AR
Gemms C CA
Warehousing D D D D D D C D D RC
EAM (tecn.) 2014 2014 2014 2015 2013 Si MQ Si https
EAM (amm.) 2014 Si MQ Si https
Fixex Asset D D D D D D D D D C D D D D D D D D D D Si MQ
Legal Mngt C MQ
Corp.Bank. S * CA Si
Ipsoa C Si CA Si
Lan-Desk C C AR
Networking D D D D D D D D D D D D D D D D D D D D Si AS
Piteco 2013 2014 2016 C 2016 2014 2016 2017 2016 2014 Si CA Si https
Swift - 2015 2016 2016 2016 2016 2017 2016 2015 Si CA Si https
Corp. Mail O O O O O O O O O O O O O O O O O O O O O Si AS Si Si
Primavera S S S S S S CS S S S S S S S MB http
MS-Project S S S S S S S S S MB
Primus S D SC
Linea 32 S S SC
STR Vision C D Si SC Si https
Reuters O O AR Si
Att.tracking D D D D D D D D D C D D D D D D D D D D Si MQ
Web site O GM Si
Zucchetti O CA Si
AutoDesk Si SC W
Sharepoint C C C C C Si GM Si Si
Tagetik C C C C C C C C C C C C C C C C C C C C Si CA Si https
Travelmatic O CA Si
Tylos S MB
Web-Sense C AS
13.5.1 Hardware
In the following paragraphs all main HW standards have been listed.
13.5.1.1 Server
Device Brand Model Note
Server Dell n/a In case several servers have to be installed, a rack
version should be chosen.
This equipment, like all other IT infrastructure
products (e.g. Switch, Hub, Router, Firewall, etc.),
has to be covered by an UPS.
13.5.1.2 Networking
Device Brand Model Note
Switch HP A POE version should be used in needed.
Router Cisco n/a The model will depend on the size of the site and
funcionalities to be implemented
Firewall Palo Alto 3020 To be selected only for very large Data-Center
(more than 500 users).
Firewall Watchguard XTM xxx To be selected for all other geographical sites.
The following functionalities should be activated:
Webblocking
Back-up delle linee dati
Load-balancing
Traffic analyser
Lan-to-Lan VPN
Anti-Virus perimetrale e Anti-Spam
Samsung Note / Sx
Smart-Phone Samsung Galaxy Advanced Employees
Tablet Tablets cannot be purchased. A BYOD approach is
allowed.
13.5.2 Software
13.5.2.5 IT Security
Typlogy Brand Name of Product Note
Anti-Virus for PC Symantec Protection Suite Antivirus, Anti-Spyware e Anti-adware
Enterprise Personal Firewall
Edition
Anti-Spam Microsoft Anti-Spam We are using the technology embedded in the
Exchange service provided by the Office365
environment.
Log Administators Symantec Security Information Log of all IT Administrators activities
Manager
Backup e Restore Symantec Backup Exec
Web Filtering Websense Web Security Gateway This systems is currently used in Italy only. In some
Anywhere other countries a simplified system has been
implemented.
13.5.2.8 Tools
Typlogy Brand Name of Product Note
PC management Landesk Landesk Management HW and SW Inventory
Suite Remote Control
Software Distribution
Patch management