Certifications

Cedacri is UNI ISO 9001:2015 certified with the following scope:
Design, development, maintenance, and outsourcing of information systems and related support and organizational consulting services in the banking sector. Design and provision of application service providing, facility management, digital signature, certified email, and disaster recovery services. Specialized consulting, particularly in the areas of internal controls, organizational models for the prevention of unlawful acts, and anti-money laundering (IAF 33, 35).

Cedacri is ISO/IEC 27001:2022 certified with the following scope:

• Design, development, maintenance, and outsourcing management of information systems

• Application Service Providing

• Facility Management

• Digital Signature

• Certified Email

• Training and organizational consulting services in the banking sector

• Disaster Recovery

Cedacri is ISO/IEC 20000-1:2018 certified with the following scope:
The Information Technology Service Management System (ITSMS) of Cedacri supports the provision of the following ICT services to banking and financial institutions and other external customers: application and infrastructure management, and application and infrastructure maintenance.

Cedacri is compliant with the PCI DSS standard, which includes a comprehensive set of requirements covering process management, security measures, network architecture, and software design — all aimed at ensuring that credit cardholder data is protected and processed securely.

Cedacri, as a Service Bureau, has achieved the Standard Certification Level in compliance with the requirements of the SWIFT Shared Infrastructure Programme.

The auditing firm KPMG S.p.A. issues the ISAE 3402 Type II report, based on the “International Standard on Assurance Engagements No. 3402,” issued by the International Auditing and Assurance Standards Board (IAASB). This internationally recognized standard attests to the design and operating effectiveness of general IT controls over the management and delivery processes of full outsourcing services related to financial reporting.

Compliance with the eIDAS Regulation (EU) 910/2014
Qualified trust service provider for the issuance of qualified digital signature certificates – AgID (registration date: 01/07/2017).

Certified Email (PEC)
Certified PEC provider accredited by the Agency for Digital Italy (AgID) – registration date: 09/02/2006.