Company Certifications

Company Certifications

To provide its clients with services and products that ensure security, reliability, and high quality, Entaksi Solutions SpA has adopted an Integrated Management System compliant with the following international standards:

ISO 9001:2015: Quality management systems – Requirements.

ISO/IEC 20000-1:2018: Information technology – Service management – Part 1: Service management system requirements.

ISO/IEC 27001:2013: Information technology – Security techniques – Information security management systems – Requirements.

ISO/IEC 27017:2015: Information technology – Security techniques – Code of practice for information security controls based on ISO/IEC 27002 for cloud services.

ISO/IEC 27018:2019: Information technology – Security techniques – Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors.

ISO/IEC 27035:2016: Information technology – Security techniques – Information security incident management.

ISO/IEC 22301:2019: Security and resilience – Business continuity management systems – Requirements.

UNI ISO 37001:2016: Anti-bribery management systems – Requirements and guidance for use.

Entaksi Solutions SpA – Irish Branch is also a Qualified Trust Service Provider (QTSP), specialized in delivering Trust Services such as issuing qualified certificates for electronic signatures and seals, creating electronic timestamps, and long-term preservation of electronic signatures and seals.
The organization complies with the following standards, containing the policies and requirements for trust service providers:

ETSI EN 319 401: General Policy and Security Requirements for Trust Service Providers.

ETSI EN 319 411-1: Policy and security requirements for trust service providers issuing certificates – Part 1: General requirements.

ETSI EN 319 411-2: Policy and security requirements for trust service providers issuing certificates – Part 2: Requirements for trust service providers issuing EU qualified certificates.

ETSI EN 319 412-1,2,3,5: Certificate profiles.

ETSI EN 319 421: Policy and security requirements for trust service providers issuing timestamps.

ETSI EN 319 422: Time-stamping protocol and token profiles.

ETSI TS 119 511: Policy and security requirements for trust service providers providing long-term preservation of digital signatures or general data using digital signature techniques.

The certifications have been issued by DNV, one of the leading certification bodies worldwide. Entaksi pursued these certifications to make evident and objective its focus on customer satisfaction, the commitment with which the company designs and provides excellent solutions and services, and the ongoing effort toward continuous improvement.

Visit our dedicated page on Quality and Information Security Policies.

CSA STAR Level 2 Certification

CSA STAR (Security Trust Assurance and Risk) Level 2 is a specialized security certification developed by the Cloud Security Alliance specifically for cloud service providers. This certification requires a third-party assessment based on the Cloud Controls Matrix (CCM) — a comprehensive framework of security controls specific to cloud environments. This standard addresses cloud-specific topics such as data protection, virtualization, and supply chain management. Based on ISO 27001, it evaluates not only compliance but also the maturity level of implementation through independent auditor verification. Organizations that achieve this certification are listed in the CSA STAR Registry, ensuring maximum transparency for their customers. This certification provides greater assurance compared to the self-assessment required for Level 1, offering reliable proof of suitability in cloud security, specifically designed for cloud service providers handling sensitive information.

Greater security assurance: CSA STAR Level 2 certified providers undergo rigorous third-party audits specifically designed for cloud services.
Reduction of specific risks: the certification identifies cloud-specific vulnerabilities that general security frameworks may overlook, significantly reducing the risk of data breaches and security incidents.
Simplified vendor qualification: the standardized assessment framework eliminates the need for extensive security questionnaires, saving time and resources during vendor evaluation and providing reliable insights into information security levels.

AgID-Qualified Digital Preservation Provider

Entaksi Solutions is a qualified conservator in accordance with the requirements set out in the “Regulation on the criteria for providing electronic document preservation services” issued by the Agency for Digital Italy (AgID).

These requirements include:

Organizational, technical, and financial reliability.
High quality and security standards.
Qualified personnel with specific experience and expertise in the field.
Reliable and secure systems, compliant with safety and interoperability criteria and standards.
Compliance with the technical rules provided by the CAD (Digital Administration Code).
Guaranteeing confidentiality, authenticity, immutability, integrity, and accessibility of the preserved electronic documents.

For more information, visit the Preservation Services Marketplace created by the Agency for Digital Italy (AgID).

ACN Cloud Marketplace

Entaksi is a provider of SaaS (Software as a Service) Cloud services within the Catalog of Cloud Services for Public Administration.
All Entaksi services listed in the catalog have obtained qualification issued by the National Cybersecurity Agency (ACN).
The qualification process involves the verification of numerous requirements inspired by international practices and standards concerning quality, security, performance, scalability, interoperability, and service portability, in order to certify the reliability of the provider.

A service listed on the ACN Cloud Marketplace therefore guarantees:

Security: requirements cover every aspect related to data protection.
Reliability: specific controls ensure operational continuity and service delivery capacity.
Compliance with Service Level Agreements (SLAs): adherence to guaranteed service levels is mandatory.
Support: The organization and responsiveness of technical support and assistance are evaluated.
Data protection: particular attention is paid to compliance with the European General Data Protection Regulation.
Interoperability and transparency: services must ensure portability to other platforms and the possibility of integration with other modules via APIs.

ISO 9001:2015

At the heart of ISO 9001 are the customer and customer satisfaction.
The entire production process of Entaksi is based on the requirements defined by this standard.
Design, implementation, evolution, and support for products and services are subject to the quality controls required by the standard.

ISO/IEC 20000-1:2018

The ISO 20000-1 standard is the international benchmark for IT Service Management. Entaksi has chosen to obtain certification for compliance with this standard to ensure the highest quality and reliability of its IT services, as well as the continuous improvement of its products and services.

ISO/IEC 22301:2019

Ensuring operational continuity is essential to guarantee the availability of provided services. For this reason, Entaksi has chosen to align its systems with the international standard ISO 22301 for Business Continuity Management Systems (BCMS).

ISO/IEC 27001:2022

Compliance with the ISO 27001 standard is aimed at protecting data and information to ensure their integrity, confidentiality, and availability. An appropriate Information Security Management System (ISMS), based on this standard, guarantees the security of the information entrusted to Entaksi. The certification also extends to the controls of ISO/IEC 27017:2015, ISO/IEC 27018:2019, and ISO/IEC 27035:2016.

ISO 37001:2016

The ISO 37001 standard defines a framework for establishing an Anti-Bribery Management System, providing guidelines to prevent, detect, and address corruption within any business process. It includes requirements for defining policies, procedures, and preventive measures, promoting integrity and legal compliance across all organizations.

EU Regulation No. 910/2014 (eIDAS)

EU Regulation (No. 910/2014) eIDAS defines policies and requirements for Qualified Trust Service Providers, as well as the technical rules for providing trust services related to the issuance of qualified certificates for electronic signatures and seals, the creation of electronic timestamps, and the long-term preservation of electronic signatures and seals.

CSA STAR Level 2

The Cloud Security Alliance (CSA) developed the Security, Trust & Assurance Registry (STAR) certification to provide a clear and verifiable framework for assessing cloud service security. Level 2 of the CSA STAR certification extends the ISO/IEC 27001 certification by integrating a third-party audit based on the Cloud Controls Matrix (CCM).