Quality and safety to create value
INAZ’s strategic objectives include developing and consolidating standards of excellence and best practices for all services and solutions offered to customers and protecting the confidentiality, availability and integrity of data and information.
Inaz has established an integrated management system based on the best regulatory standards and through its Compliance department, defines a system of internal controls capable of preventing compliance, operational and information security risks. We also believe that the integrated management system is a tool for Inaz to communicate to the market by obtaining the following certifications and attestations:
- ISO 14001certifying to the adoption of a solid environmental policy system
- ISO 9001 certifying the quality management system
- ISO/IEC 27001 certification for information security and ISO/IEC 27017, ISO/IEC 27018, ISO/IEC 27035 and ISO/IEC 27701 guidelines
- ISAE 3402 Type two attestation
- ACN Qualification
Obtaining certifications ensures the implementation of standards of excellence for the performance of the following activities:
- Software design and provision of technical assistance for HR management and administration.
- Marketing, design, start-up and delivery of processing services for HR administration and management, including in software as a service (SaaS) mode.
- Delivery of IaaS and PaaS services using the guidelines ISO/IEC 27017 – Cyber Security in the Public Cloud, ISO/IEC 27018 – Privacy in the Public Cloud, ISO/IEC 27035 – Security Incident Management in the Cloud, and ISO/IEC 27701 – Management System for the Protection of Personal Data.
- Design and delivery of courses and conferences.
- Inaz is also a qualified provider for Public Administration for SaaS services and our Datacenter is on the public list of ACN-qualified Cloud Service Providers (CSPs). This attestation ensures that the infrastructure is designed and maintained to the reliability and security criteria required for public digital services.
INAZ, as part of Corporate Policy and through the commitment and active involvement of all corporate components, is committed to pursuing Information Security and Privacy and in particular to:
- define the methods necessary to ensure that this policy is understood and applied at all levels of the company;
- periodically measure and verify the effectiveness of the ISMS&P;
- preserve the information assets of INAZ and its customers by ensuring adequate levels of security in the handling of information as part of business processes;
- improve the ability to respond to cyberattacks through the Security Operation Center, proactive investigation tools and escalation procedures;
- increase security levels and compliance with privacy regulations by also involving third parties, customers and suppliers;
- ensure that the processing of personal data is carried out in accordance with the principles of privacy by design and privacy by default;
- ensure adequate levels of availability and security of the public cloud with particular reference to data protection and data breach prevention by considering all applicable regulations;
- promote continuous learning on risk identification and management through experiences gained on incidents;
In order to achieve the objective related to Information Security and Privacy we aim to know, through appropriate tools and procedures, the value of information and the means used for its processing and disclosure, the threats to which it is exposed and its vulnerability, and to bring the risks down to a threshold of acceptability through the design, implementation and formalization of an “Information Security and Privacy Management System” that meets the legal requirements and complies with ISO/IEC 27001 and ISO/IEC 27018, 27017, 27035 and 27701 guidelines.