System administration designation in the “System Administration” measure


  • log
  • log management
  • regulatory compliance

System administration designation in the “System Administration” measure

In the digital age where the management of information and personal data plays an increasingly central role, the appointment of system administrators becomes crucial to ensure the security and integrity of computer systems and the data they process. This article aims to examine the importance of evaluating the experience, capability, and reliability of the designated system administrator, as well as the requirements and responsibilities that arise in accordance with current regulations.

Evaluation of Experience, Capability, and Reliability

The appointment of a system administrator must be preceded by a rigorous evaluation of the candidate’s technical expertise, experience, and reliability. The system administrator is responsible for the management, configuration, and monitoring of IT systems, thus, they must possess extensive technical knowledge and a deep understanding of IT infrastructures. This ensures effective handling of day-to-day operations and swift responses to any issues or threats.

Furthermore, the ability to comprehend and adhere to current regulations regarding data processing, including aspects related to security, is a fundamental requirement for system administrators. They must be aware of privacy laws and company policies concerning data protection and ensure that these regulations are implemented and followed diligently.

Individual Designations and Areas of Operation

Each appointment of a system administrator must be treated individually, clearly specifying the areas of operation allowed based on assigned authorizations. This ensures that each administrator has access only to the necessary resources to carry out their specific functions, thereby minimizing the risk of abuse or privacy violations.

List of System Administrators

The identity and functions of system administrators must be meticulously documented in an internal register. This list must be kept up-to-date and made available for any investigations by the Garante or competent authorities. A well-maintained register will aid in demonstrating compliance with regulations and providing a clear traceability of the activities performed by system administrators.

Disclosure of System Administrators’ Identity

If the activities of system administrators involve, even indirectly, the processing of personal data of employees, the data controller and data processor must disclose the administrators’ identities within the company’s organization. This can be achieved through information provided to employees under Article 13 of the Code or by using a technical discipline approved by the Garante.

Outsourcing System Administration

In cases where system administration services are outsourced to third parties, the data controller or data processor must directly and specifically retain the identifying details of the individuals entrusted with this role. This practice ensures that necessary information is always available and easily accessible.


The appointment of system administrators is a fundamental aspect of ensuring the security of computer systems and the protection of personal data. Evaluating the experience, capability, and reliability of the designated individuals, along with clearly defining their functions and areas of operation, establishes a solid foundation for effective IT operations management and consistently high compliance with privacy regulations.