Certifications and Compliance

Gender Equality

Zucchetti has obtained the Gender Equality Certification for aligning its activities with the UNI/PdR 125:2022 guidelines, the only standard in Italy on gender equality. This standard establishes strict criteria to assess organizations' commitment to fostering cultural change in support of diversity and inclusion initiatives.

GDPR - Privacy

Since October 2015, Zucchetti has been an Accredited Certifier with AgID for issuing qualified digital signature certificates. In compliance with the new eIDAS Regulation (EU Regulation 910/2014), which came into effect on July 1, 2016, Zucchetti has obtained certification as a Qualified Trust Service Provider for Digital Signature and Timestamping services.

Digital Signature and Timestamping

Since October 2015, Zucchetti has been an Accredited Certifier with AgID for issuing qualified digital signature certificates. In compliance with the new eIDAS Regulation (EU Regulation 910/2014), which came into effect on July 1, 2016, Zucchetti obtained certification as a Qualified Trust Service Provider for Digital Signature and Timestamping services. Therefore, Zucchetti's digital signatures and timestamps have full legal validity in all European Union member states.

Quality Management System

Zucchetti has implemented a Quality Management System (QMS) compliant with the ISO 9001:2015 standard, aimed at achieving the company's objectives of:

• ensuring the continuous improvement of customer satisfaction and meeting their needs;
• optimizing resource management and the interactions between business processes;
• minimizing the occurrence of non-conformities in products and/or services as much as possible.

View the certificate

Information Security

Zucchetti places strategic importance on the secure handling of information and recognizes the need to continuously develop, maintain, control, and improve an Information Security Management System (ISMS), in accordance with the ISO/IEC 27001:2013 standard.

Cloud Services Code of Conduct

Zucchetti has decided to adopt the ISO/IEC 27018 Code of Conduct for the protection of PII (Personally Identifiable Information) in public cloud services for cloud providers. This is a guideline for public cloud service providers who wish to enhance the management of personal data.

With this standard, Zucchetti provides a structured approach, based on privacy by design, to address the main legal and contractual issues related to the management of personal data in distributed IT infrastructures, following the public cloud model.

Data Security in Cloud Computing

Zucchetti has adopted the ISO/IEC 27017 standard, which defines advanced controls for both cloud service providers and clients. It clarifies the roles and responsibilities of various stakeholders in the cloud environment with the aim of ensuring that data stored in cloud computing is secure and protected.

Business Continuity System

Zucchetti has obtained ISO 22301 certification, which establishes the requirements for efficient Business Continuity management. This refers to a set of practices aimed at maintaining Operational Continuity under adverse conditions, minimizing the impact of potential incidents on customers, stakeholders, and the entire business ecosystem.

Internal Control System - Zucchetti HR Solutions

Zucchetti has obtained ISAE 3402 certification, which, following independent audits, guarantees the client the maximum effectiveness and actual functioning of the controls in place on internal operational processes in the provision of Zucchetti HR services and solutions (HR Infinity and HR Project platforms in SaaS, PaaS, and License models for the production component).

Zucchetti adopts the ISAE 3402 TYPE II, the verification type that provides greater guarantees as it documents over a 12-month period that the controls have been consistently managed.

Internal Control System - Zucchetti DataCenter Services

Zucchetti has obtained ISAE 3402 TYPE II certification, which, following independent audits, guarantees the client the maximum effectiveness and actual functioning of the controls in place on internal operational processes supporting the provision of DataCenter Services.

Cloud Services Certification for Public Administration

In order to comply with AgID Circulars No. 2 and 3 of April 9, 2018, which mandate that, as of April 1, 2019, Public Administrations may only acquire IaaS, PaaS, and SaaS services that have been qualified by AgID and published in the Cloud Marketplace (Catalog of Qualified Cloud Services for Public Administration), Zucchetti has completed the CAIQ (Consensus Assessments Initiative Questionnaire) SaaS and PLA (Code of Practice) SaaS HR area questionnaires. These are necessary to declare the security measures adopted for the protection of personal data and to finalize and implement ISO 27001 certification.

Peppol Access Point AgID qualified

Zucchetti is an Access Point Provider recognized by the Italian PEPPOL Authority, AgID. PEPPOL is the standard that allows businesses and public administrations to send and receive business documents in a standardized format over an open, global, and secure network.

Environmental Management System for DataCenter Services

Zucchetti has obtained environmental certification for the provision of Data Center services.

Reporting of GHG Emissions Related to Corporate Mobility

Zucchetti has developed the "Mobility Footprint Calculator" (MFC) to report GHG (Greenhouse Gas) emissions related to corporate mobility, in accordance with the ISO 14064-1:2018 standards and the GHG Protocol Corporate Standard.