Quality and safety to create value
Among INAZ’s strategic objectives are to develop and consolidate standards of excellence and best practices for all services and solutions offered to customers and to protect the confidentiality, availability and integrity of data and information.
Inaz has established an integrated management system based on the best regulatory standards and through its Compliance department, defines a system of internal controls capable of preventing compliance, operational and information security risks. We also believe that the integrated management system is a tool for Inaz to communicate to the market by obtaining the following certifications and attestations:
- ISO 9001 Certification which certifies the quality management system
- ISO/IEC 27001 Certification for information security and guidelines ISO/IEC 27017, ISO/IEC 27018 and ISO/IEC 27035
- ISAE 3402 Type Two Attestation
- AgID qualification
Obtaining certifications ensures the implementation of standards of excellence for the performance of the following activities:
- Software design and provision of technical support for Human Resources management and administration.
- Marketing, design, start-up and delivery of processing services for personnel administration and management also in software as a service (SaaS) mode.
- IaaS and PaaS service delivery using ISO/IEC 27017 – Cyber Security in the Public Cloud, ISO/IEC 27018 – Privacy in the Public Cloud and ISO/IEC 27035 – Security Incident Management in the Cloud guidelines.
- Design and delivery of courses and conferences.
- Inaz is also a qualified supplier for Public Administration for SaaS services and our Datacenter is included in the public list of AgID qualified CSP (Cloud Service Provider). This attestation ensures that the infrastructure is designed and maintained to meet the reliability and security criteria required for public digital services.
INAZ, as part of its Corporate Policy and through the commitment and active involvement of all company components, is committed to pursuing Information Security and in particular to
- Define how to ensure that this policy is understood and applied at all levels of the firm;
- Periodically measure and verify the effectiveness of the ISMS;
- preserve the information assets of INAZ and its customers, guaranteeing adequate levels of security in the treatment of information within the company processes;
- Improve cyberattack response capability through proactive investigative tools and escalation procedures;
- Increase security levels by involving third parties;
- ensure that personal data is processed in accordance with the principles of “privacy by design” and “privacy by default”;
- Ensure adequate levels of availability and security of the public cloud with particular reference to data protection and prevention of data breaches taking into account all applicable regulations;
- Promote continuous learning about risk identification and management through incident experience;
In order to achieve the objective of information security, the aim is to know, by means of appropriate tools and procedures, the value of the information and the means used for its processing and dissemination, the threats to which it is exposed and its vulnerability, and to reduce the risks to an acceptable threshold through the design, implementation and formalization of an “Information Security Management System”, which meets the legal requirements and complies with the ISO/IEC 27001 standard and the ISO/IEC 27018, 27017 and 27035 guidelines.