MANAGEMENT SYSTEMS

QUALITY, ENVIRONMENT AND SAFETY: ISO 9001 - ISO 14001 - EMAS - ISO 45001
INFORMATION TECHNOLOGY: ISO 27001 - ISO 20000 - ISO 22301

Cloud Marketplace for Public Administration

Following the provisions of AgID Circulars n. 2 and 3 of April 9, 2018, the AgID Cloud Marketplace platform has been online since April 2019. Through it, the services and infrastructures qualified by AgID for the provision of cloud services (IaaS, PaaS and SaaS) can be consulted. Inside the Cloud Marketplace it is possible to view the technical data sheet of each service, which highlights the technical characteristics, the cost model and the service levels declared by the supplier during qualification.
The goal is to qualify cloud services and infrastructures according to specific parameters of security and reliability suitable for the needs of the Public Administration, ensuring compliance with the principles of:

  • improvement in service levels, accessibility, usability and security;
  • interoperability of services in the framework of the Public Administration Cloud model;
  • reducing the risk of "vendor lock-in", i.e. creating a relationship of dependency with the service provider;
  • requalification of the offer, expansion and diversification of the supplier market;
  • resilience, scalability, "reversibility" and data protection;
  • market opening to small and medium-sized enterprises (SMEs).

Starting from 1 April 2019, Public Administrations can acquire only IaaS, PaaS and SaaS services that come from AgID-qualified suppliers and are published in the Cloud Marketplace.

ISO 14001

The ISO 14000 series standards are the internationally recognized specifications for Environmental Management, developed by the committees of ISO (International Organization for Standardization).
They constitute the environmental quality benchmark that supports companies in managing their business in the global market.

EMAS

The EMAS scheme (Eco-Management and Audit Scheme) is a voluntary instrument provided by the European Community, which organizations (companies, public bodies, etc.) can join to assess and improve their environmental performance and provide interested parties with information on their environmental management.

ISO 45001

The ISO 45001 standard provides best practices for the organization of business processes from the point of view of workers' safety and health. With its publication in 2018, organizations with an occupational health and safety management system (SGSL) certified according to the OHSAS 18001 standard will have 3 years to complete the transition to the new standard.

ISO 27001

Information is an asset that, like other important corporate assets, has value and needs to be protected. The ISO 27001 standard is a valid tool for organizing your business processes in order to improve information security and give greater assurance of compliance with the law (e.g. GDPR).

ENVIRONMENTAL CERTIFICATION

Legislative requirements, especially in the environmental field, have taken on significant weight in the management of business policies. Compliance with these obligations appears increasingly onerous because of the complexity of the regulatory framework of reference, particularly for small and medium-sized enterprises.

A certified Environmental Management System is a valid tool for understanding "why" and "how" an organization should manage its own business processes in order to improve environmental efficiency (cost reduction, environmental impact, etc.) and compliance with national and European legislation. Awareness within the organization is the key word for achieving corporate goals in terms of performance and results.

But what is an Environmental Management System?
It can be described as the complex of:
- planned and coordinated management actions, operating procedures,
- documentation and registration systems,
implemented by a specific organizational structure, with resources and credibility, and with defined responsibilities, and addressed to:

  • prevention of negative effects (risks of accidents for workers, communities and the surrounding environment, production losses, waste, etc.), and
  • promotion of activities that maintain and/or improve environmental quality.

In particular, the Environmental Management System (SGA) aims to help the company to:

  • identify and assess the likelihood and size of risks posed to the company by environmental problems;
  • evaluate how the company's activities impact the environment and how these can create problems for its business;
  • define the basic principles that should guide the company's approach to its environmental responsibilities;
  • establish short, medium, long-term environmental performance objectives by balancing costs and benefits;
  • evaluate the resources necessary to achieve these objectives, assigning the related responsibilities and allocating the resources accordingly;
  • develop specific procedures to ensure that each employee carries out their work in a way that helps minimize or eliminate any negative impact on the company's environment;
  • communicate responsibilities and instructions to the various levels of the organization and train employees for greater efficiency;
  • measure performance with reference to the chosen standards and objectives, and make the necessary changes;
  • carry out internal and external communication of the results achieved with the aim of motivating all the people involved towards greater results.

IT CERTIFICATIONS

In modern organizations IT services cannot be considered an accessory element of corporate activity; rather, they are a determining factor that actively participates in the business.

Management Systems can offer tools for correct and efficient management of corporate IT processes, in order to improve their quality, safety and the ability to deal with any issues that may undermine business continuity.

The correct management of IT processes and data security has also been the subject of extensive regulation in recent years, in order to guarantee high safety standards (EU eIDAS Regulation, AgID Storage) and protect user data (EU Regulation 679/2016 - GDPR).

Among the main reference standards adopted by companies at international level, and today also at Italian level, we can include the following:

INFORMATION SECURITY MANAGEMENT SYSTEM
The ISO 27001 standard aims to protect company information and data by ensuring confidentiality, integrity and availability, regardless of the existence within the organization of a more or less advanced IT system.
The standard is primarily aimed at companies that manage information critical for their business (customers, know-how, patents, etc.), whether because of the type of information itself (financial, health, personal data) or the type of activity performed (personal administration, data storage, etc.).
The ISO 27001 standard can now be perfectly integrated with other Management Systems (e.g. ISO 9001) implemented in the organization and provides a methodology for a correct approach to security, also for the purpose of compliance with the privacy legislation (GDPR).

IT SERVICE MANAGEMENT
The ISO 20000 standard incorporates the ITIL (Information Technology Infrastructure Library) methodology for IT service management and constitutes the company certification scheme.
The standard outlines what actions an organization must put in place in order to provide high quality IT services and support. The standard is aimed not only at companies that provide IT services to "external customers", but is also applicable to the IT Divisions within the organization. For customers, the standard guarantees the adoption of quality best practices and the consequent reduction of the risks associated with the outsourcing of the service. For IT service providers the standard represents an effective tool for cost management, marketing and added value at a competitive level.