Certifications and Compliance

For us, Security and Privacy are fundamental and so important that the development of the Nivola platform was conducted with three key aspects in mind:

  • security

  • organisation of the service

  • reliability

Starting from these pillars, we have identified services, processes, organisation and IT solutions that fully comply with Italian and international regulations, in particular for cloud computing services and the data centres that host the Nivola Availability Zones, including connectivity at the Turin and Vercelli data centres. By applying these constraints we have obtained the most important certifications in the Cloud field, which make us compliant with the highest standards of security and reliability.

ISO 9001:2015

The Certification ensures that our system provides for the systematic management of risks and opportunities, the constant monitoring of business processes to ensure quality standards, and the adherence to service times and costs in the context of:

  • design, implementation, interconnection, maintenance, training, management and operational management of automated information systems and of application, infrastructure and network information services;

  • design and delivery of training interventions and training on the ICT services provided.

ISO 27001:2013

ISO/IEC 27001 is the only auditable and certifiable international standard that defines the requirements for an ISMS (Information Security Management System) and is designed to ensure the selection of appropriate and proportionate security controls. It is based on precise requirements to ensure security in the management of information and the handling of derived risks. The certification obtained by CSI Piemonte ensures that all cloud services available to customers are designed to guarantee maximum security in information management. The scope of certification includes the design, implementation, delivery and support of facility management services for Data Centres and cloud computing services.

ISO 27017:2015

ISO/IEC 27017 is part of the ISO/IEC 27000 series of standards and defines advanced controls for both providers and customers of cloud services. It clarifies the roles and responsibilities of the different actors in the cloud with the aim of ensuring that data stored in cloud computing is safe and secure. The integration with ISO 27017 is therefore aimed at demonstrating CSI Piemonte’s ability to ensure data protection.

ISO 27018:2014

The Certification attests that the Nivola System complies with the directives on the protection of personal data and therefore the privacy of customers who entrust their information to a Cloud service.

The Code of Conduct for the Protection of Personally Identifiable Information (PII) in Public Cloud Services for Cloud Providers is a guideline for public cloud service providers who want to improve their management of personal data.

The objective of this standard is to provide a structured way, based on privacy by design, to address the main legal and contractual issues related to the management of personal data in distributed computing infrastructures following the public cloud model. The specific countermeasures introduced by ISO 27018 are based on defined international privacy principles. These principles have been used to guide the design, development, implementation, monitoring and measurement of privacy policies and privacy controls in the cloud computing services offered by CSI Piemonte.

Integration with ISO 27018 is intended to demonstrate CSI Piemonte’s ability to ensure data protection.

ISO 20000-1:2018

The Certification demonstrates that CSI, as a Cloud Provider, implements all best practices to establish, implement, maintain and improve a service management system, a reference framework to support management in the lifecycle of cloud service delivery. The standard promotes the use of an integrated model of IT service management processes that corresponds to the ITIL® framework (IT Infrastructure Library), a standard adopted by CSI Piemonte since the early 2000s.

ISO 22301:2012

The Certification recognises CSI Piemonte’s ability, for the cloud services it provides, to put in place behaviours, recommendations, processes and technologies that ensure the resilience of those services in the face of events that may compromise customer services and the very ability to provide cloud services without interruption.

ISO 50001:2011

The Certification determines that our Energy Management System has been planned and implemented in compliance with energy legislation and is aimed at ensuring the energy efficiency of the production processes. It promotes:

  • energy saving and progressive reduction of waste;

  • optimisation of current energy uses, in particular in the data centre and heating/air conditioning of buildings;

  • evaluation of energy efficiency aspects in procurement processes.

ANSI TIA 942 2017 Rating III

The certificate obtained attests to the ability of our Data Centre to guarantee the continuity of the services provided. Rating III demonstrates that the Data Centres hosting Nivola’s cloud services are equipped with highly reliable and resilient systems. All components are redundant, so any maintenance intervention can be carried out without interrupting service. The minimum uptime guaranteed by Tier III is 99.98% on an annual basis.

AGID CSP qualification - PA Cloud

Accreditation as a Type C Cloud Service Provider qualified by AGID to provide cloud services to the Italian Public Administration allows customers to benefit from secure and reliable services. The qualification ensures that in providing our services we adopt all the standards required to offer digital services to the PA. Additional information is available in the AGID Cloud Marketplace: https://cloud.italia.it/marketplace/service/12
