ISO 9001 Certification
ISO 9001 Quality Management System
Boasting very extensive experience and a successful portfolio, our company offers its managerial and organizational expertise to companies that are interested in obtaining certification for their Quality Management System (ISO 9001), including the analysis of the initial situation, on-site implementation, the identification of the processes and performance indicators, staff training and relations with the Certifying Body.
Our team performs this process with our business client via specific stages, including:
- Increasing staff awareness;
- Initial audits;
- The implementation of the Quality Management System;
- Staff training;
- Certification assistance;
- The maintenance and improvement of the system over time, during which the support activities ultimately lead to partnerships based on the sharing of results and the transmission of knowledge.
Thanks to their managerial expertise, our consultants are capable of implementing organizational changes and improvements to the clients’ business and quality management processes, as well as throughout the entire company. We’re capable of re-activating the channels that will ensure the entire staff’s active involvement in the quality system’s management, above all in terms of prevention and planning.
ISO 27001 Certification
“Information Security Management System”
Thanks to our experience in the fields of Security and Management Systems, as well as our regular contacts with the ISO international technical committees, we are capable of assisting our clients in the creation, management, maintenance and continuous improvement of their own Information Security Management System (ISMS), applying consolidated, proven and internationally-shared methods and approaches.
With our streamlined and effective approach, we are capable of helping any company, institution or organization obtain ISO 27001:2013 certification, thus providing them with tangible benefits.
Getsolution is part of the "ISO / IEC 27000 SERIES" working group on the Information Security Management System and is an Italian delegate and active participant in international work on the ISO / IEC 27000 series.
Another key aspect of our methodology is the integration of management systems and regulatory requirements, so that they are managed as one. This means that, while the client creates its own ISMS, it is integrated at a management level, for example, with:
- The system implemented for ISO9001 certification
- The system implemented for the requirements set forth by GDPR
- The system implemented for the requirements set forth by SOX
- The system implemented for the obligations defined by Legislative Decree 231/01
This results in a single management system, offering the highest levels of efficiency and effectiveness with regard to the company’s Corporate Governance.
http://www.iso.org/iso/home.htm
Standard ISO 20000
“IT Service Management”
Over time, companies come to realize the importance of managing their IT processes in the best possible manner. These processes don’t just represent “an internal service” for sustaining the company’s business, but actually represent the business itself, as IT systems serve to improve the company’s products and services, in the pursuit of maximum efficiency and effectiveness, as well as customer satisfaction.
Furthermore, the IT processes can often be fundamental to innovations that will enhance the value of the business and, therefore, that of the company as well.
In this regard, an international standard has been issued as an aid for companies: ISO 20000:2011 “Information technology – service management”.
We assist companies in implementing the ISO 20000:2005 standard in order to better define and manage their IT services, effectively responding to the needs dictated by the market, while at the same time respecting the client’s requirements.
Thanks to our experience with large and highly complex companies on both a national and international level, we are capable of helping our clients achieve the various points defined by the standard for the creation, management, updating and improvement of their IT processes, thus allowing them to obtain the corresponding ISO 20000 certification:
- Definition of IT Governance;
- Planning and implementation of services (IT);
- Planning and implementation of new services (IT) and change management;
- Management of delivery processes;
- Management of relationships between processes;
- Control of the processes;
- Management of the releases.
ISO 22301 Certification
“Business Continuity Management System”
This certification is the world’s first standard for the management of business continuity, and is designed to minimize the disruption to business continuity, whether due to serious malfunctions or minor issues.
The standard is designed to maintain business continuity under the most problematic and unforeseen circumstances.
For a company, having a BCM (Business Continuity Management) certificate will increase its stakeholders’ confidence in the company’s ability to ensure operational continuity, by implementing controls based on the BCM best practices, thus covering all processes in their entirety.
We assist companies in the creation and ongoing maintenance of their BCMS (Business Continuity Management System), as well as in obtaining the relative certification.
http://www.iso.org
ISO 27701 certification
Privacy Information Management System
Drawing on our experience in the field of personal data protection, we support Companies during the creation, management, maintenance and improvement of their PIMS (Privacy Information Management System) according to the ISO/IEC 27701:2019 standard.
Through the Management System for the protection of the personal data it processes, the Company, whether it acts as Data Controller or Data Processor, will be able to rely on important formal evidence documenting how it manages personal data, while also obtaining various advantages:
- achieve a high level of accountability, especially towards the Supervisory Authority
- prove compliance with the GDPR and current regulations on the protection of personal data, in compliance with the principles of privacy by design and by default
- generate trust in customers and data subjects regarding the Company's ability to correctly manage personal data
- define Roles and Responsibilities within the Organization
- develop internal skills and awareness in the field of data processing
- improve business processes aimed at avoiding infringements of the law
- equip the business processes with a system for managing data breaches and requests from data subjects
- adopt suitable measures to protect the data processed
We can also support companies in integrating the PIMS with the Information Security Management System (ISMS) adopted in accordance with the provisions of ISO/IEC 27001:2013 and the Quality Management System (QMS) adopted in compliance with ISO 9001:2015.
ISO 27017 Certification
“Information Security Management System” for Cloud Service Providers (CSP)
Our ongoing commitment to providing advice on globally recognized best practices has led our company to investigate the IT security aspects of cloud computing, in order to support companies in defining the roles and liabilities of the various players so as to guarantee data security.
With the ISO/IEC 27017 standard, the guarantees of the ISMS (Information Security Management System) are extended to Cloud Service Providers through new controls based on the following points:
- Erasure and return of Cloud Service Customers' assets after termination of contract
- Network security handling and incident response
- Client’s virtual environments protection and segregation
- Roles and liability management between Cloud Service Supplier and Client
- Administrative tasks and procedures related to Cloud environment
- Configuration of virtual machines according to business needs
- Clients’ activities monitoring in Cloud environment
Our company has the tools and professionals to support its Clients during the ISO/IEC 27017 certification process, which expands the ISO/IEC 27001 controls and allows Cloud Service Providers to reach a further level of efficiency and security.
ISO 27018 Certification
“Personally Identifiable Information Security” for Cloud
The spread of cloud computing has raised concerns about the security, confidentiality and control of personal data stored in the Cloud environment. For this reason, with our twenty-year experience in the Compliance area, we have invested in the training of professionals able to support the Company's Clients in implementing the controls that apply to personal information (Personally Identifiable Information or PII) in the public cloud.
ISO/IEC 27018:2019 indeed provides a series of controls expressly designed for personal data and constitutes the first international standard to guarantee these principles for the Cloud Service Providers who adopt it.
Specifically, the chapters and control areas are modeled according to ISO 29100 – Privacy Architecture Framework and define the following areas:
- Choice and consent
- Legitimacy of the business purpose
- Principle of data minimization
- Use, storage and spread restrictions
- Transparency and communication
- Data security
- Privacy Compliance
By adopting the ISO 27018 standard, Cloud Service Providers can ensure the protection of the data stored in the Cloud and, therefore, enable their Customers to satisfy their regulatory obligations on data security.
We can assist our Clients, defining step by step the actions to be taken and the management models to be adopted to obtain ISO 27018 certification.
CSA STAR Level 2 certification
“Information Security Management System” for Cloud Service Providers (CSP)
The CSA STAR certification is a system developed by the Cloud Security Alliance (CSA) that delves into specific aspects of cloud security. It originated as an enhancement of the ISO/IEC 27001 standard, focusing on critical security areas for a particular sector, such as cloud computing.
The system developed by CSA, which is based on the Cloud Control Matrix (CCM), can be adopted by any cloud provider (CSP) that has already obtained ISO/IEC 27001 certification or is in the process of obtaining it.
In order to obtain the CSA STAR certification, we support our clients throughout the certification process:
- Completion of Level 1 Self-Assessment (CAIQ)
- Completion of the Cloud Controls Matrix
- Implementation of controls specified by the CCM
- Assistance during certification body audits
If not already certified, we assist CSPs in obtaining ISO 27001 certification, which is a necessary requirement to achieve CSA STAR Level 2 certification.
By obtaining it, the CSP will be able to demonstrate to its customers and the relevant market that it has systematically addressed critical aspects of cloud security, adopted suitable security measures, and provided assurances of reliability, security, and transparency in the services offered. These assurances are essential for the Italian public sector, which requires compliance with the Cloud Strategy for Italy by the ACN, including CSA STAR certification.