Certifications and attestations

Quality and security to create value

Among INAZ’s strategic objectives is the development and consolidation of standards of excellence and best practices for all services and solutions offered to customers, as well as the protection of the confidentiality, availability, and integrity of data and information.
INAZ has established an integrated management system based on the best regulatory standards and, through its Compliance department, has defined an internal control system capable of preventing compliance, operational, and information security risks. Furthermore, we believe that the integrated management system serves as a communication tool to the market through the achievement of the following certifications and attestations:

ISO 14001 Certification, which certifies the adoption of a solid environmental policy system
ISO 9001 Certification, which certifies the quality management system
ISO/IEC 27001 Certification for information security, and adherence to ISO/IEC 27017, ISO/IEC 27018, ISO/IEC 27035, and ISO/IEC 27701 guidelines
ISAE 3402 Type Two Attestation
ACN Qualification
- SaaS – ACN Cloud Marketplace (italia.it)
- Infrastructure – ACN Cloud Marketplace (italia.it)

Achieving these certifications ensures the implementation of excellence standards in the execution of the following activities:

Software design and provision of technical support for human resources management and administration. Design and delivery of courses and conferences. Marketing, design, implementation, and delivery of payroll and personnel administration services, including in Software as a Service (SaaS) mode, as well as IaaS and PaaS services provided through its datacenter located at Viale Monza No. 268 in Milan.
Design and development of software and provision of technical support for human resources management and administration. Design and delivery of courses and conferences. Design, delivery, and marketing of payroll and personnel administration services, including in SaaS mode for public and private entities.
Software design, development, maintenance, and related application support for human resources management and administration, including in SaaS mode. Payroll and personnel administration data processing services.
Provision of data processing services in SaaS mode.
Management of security incidents related to data processing services for payroll and personnel administration.
Processing of personal data for the provision of payroll and personnel administration data processing services.
INAZ is listed in the catalog of ACN-qualified digital infrastructures and cloud services for both SaaS services and Datacenter solutions, which are included in the public list of Cloud Service Providers (CSPs). This qualification ensures that the infrastructure and services provided are designed and maintained in operation in compliance with the reliability and security criteria necessary for the provision of digital services for Public Administration.

UNI EN ISO 9001: the first fundamental step to build our excellence and reliability

Within the framework of its Corporate Policy and through the commitment and active involvement of all company components, INAZ strives to be the market leader in offering innovative solutions, software, and services for Human Resources Management and Administration. INAZ’s mission is to:

Provide innovative solutions capable of creating value for the customer
Understand the expectations and needs of current and future customers, employees, partners, stakeholders, and the broader community.
Enhance and develop the knowledge and skills of the entire company.
Pursue and share corporate values with customers, employees, suppliers, partners, and the social environment.
Continuously improve products and services, also by adopting quality and security standards.

Core Principles for Quality Management:

Customer-oriented organization
Leadership
Employee involvement
Process-based approach and systemic management approach
Continuous improvement
Fact-based decision-making
Mutually beneficial supplier relationships

All this must be implemented while adhering to the values that have always defined INAZ:

Responsibility
Competence
Family-owned business
Customer centrality
Sustainability
Innovation
Corporate Governance
Excellence

Rev. of November 11, 2024

Information security and privacy policy

Within the framework of its Corporate Policy and through the commitment and active involvement of all company components, INAZ is committed to pursuing Information Security and Privacy, specifically by:

Defining the necessary measures to ensure that this policy is understood and applied at all company levels;
Periodically measuring and verifying the effectiveness of the Information Security & Privacy Management System (SGSI&P);
Safeguarding INAZ’s and its customers’ information assets, ensuring adequate security levels in information processing within business processes;
Improving cyberattack response capabilities through the Security Operation Center, proactive investigation tools, and escalation procedures;
Increasing security levels and compliance with privacy regulations, also involving third parties, customers, and suppliers;
Ensuring that personal data processing is carried out in compliance with privacy by design and privacy by default principles;
Guaranteeing adequate levels of availability and security of the public cloud, particularly regarding data protection and the prevention of data breaches, while taking into account all applicable regulations;
Promoting continuous learning on risk identification and management based on incident response experiences;

To achieve Information Security and Privacy objectives, we aim to understand, through appropriate tools and procedures, the value of information and the means used for its processing and dissemination, the threats they are exposed to, and their vulnerabilities. Risks must be brought to an acceptable level through the design, implementation, and formalization of an “Information Security and Privacy Management System” that meets legal requirements and complies with ISO/IEC 27001 standards and the ISO/IEC 27018, 27017, 27035, and 27701 guidelines.

Rev. of May 29, 2024

✓	Technical
x	Third parties

Certifications and attestations

Quality and security to create value

UNI EN ISO 9001: the first fundamental step to build our excellence and reliability

Information security and privacy policy

USEFUL LINKS

My Inaz