ISO 9001:2015 Certification
Cedacri is certified ISO 9001:2015 with the following scope:
Design, development, maintenance and information systems outsourcing and related training services and organizational consulting in banking industry.
Design, development of application service providing, facility management, digital signature, certified electronic mail, disaster recovery services.
Specific consulting especially for internal controls, corporate governance, anti-money laundering.
Design and provision of business training services.
UNI CEI ISO/IEC 27001:2014 (ISO/IEC 27001:2013)
Cedacri is certified UNI CEI ISO/IEC 27001:2014 for the following field of application:
• Design, development, maintenance and information systems outsourcing
• Application Service Providing
• Facility Management
• Digital signature
• Certified electronic mail
• Training Service and Organizational Consulting in banking industry
• Disaster Recovery
Certificazione ISO/IEC 20000-1: 2011
Cedacri is certified ISO/IEC 20000-1:2011 for the following field of application:
The Information Technology Service Management System of CEDACRI supporting the provision of the following ICT services to Banking and Financial Institutions and to other external customers: Application and Infrastructure Management, Application and Infrastructure Maintenance
PCI DSS – Payment Card Industry Data Security Standard
Certification of compliance with the PCI DSS standard, concerning a vast list of requirements around process management, security measures, network architecture, software design and development, finalized to ensure cardholder data are protected and managed in a safe manner and in a secure environment.
SWIFT Service Bureau standard certification
Cedacri as a Service Bureau has successfully acquired the Standard Certification level in compliance with the requirements of the Shared Infrastructure Programme.
Certification ISAE 3402 Type Two
KPMG S.p.a. in its role of Cedacri’s auditor, has issued the ISAE 3402 report with coverage from 1st November 2016 until 31st October 2017. The report is based on the auditing standards “International Standards on Assurance Engagements n° 3402” issued by International Auditing and Assurance Standard Board (IAASB) and it is internationally acknowledged to attest the design and the operating effectiveness of the General IT Controls applied to the management and delivery processes of the full outsourcing services in scope for financial reporting.
Certification ISAE 3000
KPMG S.p.a., in its role of Cedacri’s auditor, has issued the report ISAE 3000 Type II (Assurance Engagements Other Than Audits or Reviews of Historical Financial Information) with coverage from 1st Nov 2016 until 31st Oct 2017. The report attests the conformance to the requirements set by the Regulators on the service providers as stated by Bank of Italy through “Regulatory Provisions for Banks - Circular n. 285 as at 17th Dec 2013 – 11Th update as at 21st Jul 2105 – The Information System (Chapter 4)“. This report includes the results of the control activities executed under the ISAE 3402 attestation.
Conform to the standard (UE) 910/2014 EIDAS for the Provision of Qualified Digital
Signatures Services - AgID (Agency for Digital Italy) (date of entry 01/07/2017).
Certificated E-mail Operator accredited by AgID (Agency for Digital Italy) (date of entry 09/02/2006).
TIER III - Continuity of Business (power supply, air conditioning, resistance to natural events)
Certification of compliance with the requirements of the data center "Tier Performance Standards" document "White Paper - Tier Classification Define Site Infrastructure Performance" published by the Uptime Institute, issued by an inspector certified by the Uptime Institute as a Tier Accreditated Designer.