Compliance · Cloud for Italian PA

Qualification of cloud services for the Italian public administration.

Technical, organizational and security requirements for cloud providers serving the Italian public sector. The framework is set by the Italian national qualification scheme for public administration cloud services (managed by the competent Italian authorities).

Abstract schema of the compliance assessment process

Context

Who it applies to

Cloud service providers (CSPs) and SaaS providers intending to sell or deliver services to entities of the Italian public administration, according to the categories and levels defined by the national qualification framework in force. The regulatory framework is evolving: the precise scope is defined during the engagement, based on the start date and the service perimeter.

What the assessment covers

Service security

Encryption, tenant isolation, data protection in transit and at rest, key management.

Governance and organization

Roles, responsibilities, documented processes, and the training and management of personnel who access PA data.

Data localization and sovereignty

Physical location of resources, legal residence of data, controls over access jurisdictions.

Continuity and resilience

Business continuity, disaster recovery, SLAs, crisis management.

Supply chain

Sub-suppliers, technology dependencies, third-party risk assessment.

Audit and traceability

Logs, evidence, verification procedures and support for client audits.

Same method

Same methodology, applied to the specific regulation.

The methodology common to all certifications — the open-source platform, the documents delivered, the 0–5 maturity model, the work phases — is described once on the main Compliance page.

Have a deadline to face on this regulation?

We start with a scoping exercise: classification of the organization, perimeter, responsible people, and availability of existing evidence. The rest of the engagement is sized from there.
