Aruba Group Certifications

We offer certified services in terms of quality, energy, security and product. See also our accreditations

Actalis and Aruba PEC are Qualified Trust Service Providers for the supply of QWAC and QsealC services (source: Konsentus).

Design, management, developing and provisioning of:

  • Data Center services (Dedicated Servers, Virtual Servers, Colocation, Hosting)
  • Cloud oriented solutions in IaaS, SaaS and PaaS mode
  • Certified (PEC) and conventional electronic mail
  • Digital signature and qualified signature, graphometric signature and other technological solutions of advanced electronic
  • signature, remote signature, Certification Authority services
  • Public Key (PKI) or information security related infrastructure
  • Document Dematerialization and e-billing services
  • Backup and Disaster Recovery
  • ICT consultancy services and related specialist assistance event through call center
  • Product and customization of Smart Cards. Information security hardware and software sales, installation and assistance
  • Identity Provider for issuing and managing of digital identity and related authentication credential to access the "SPID" services
  • Provision of internet connectivity services

ISO 20000-1 standard represents a reference tool for the organization of IT services, aimed at improving their provision and usage. Its objective is to ensure the highest quality of services provided at the best possible cost.

ISO 22301 is an international standard for management of business continuity, defining the necessary requirements for planning, establishing, implementing and running a documented management system. It also monitors, maintains and continuously improves the management system to protect against, reduce the risk of disruptive incidents, and restore operations should these arise.

Design, development and supply of software and services for:

  • Data Center (Dedicated Servers, Virtual Servers, Colocation, Hosting);
  • Cloud oriented solutions in IaaS, SaaS and PaaS mode;
  • Conventional and certified electronic mail (PEC);
  • Digital signature and qualified signature, graphometric signature and other technological solutions ofadvanced electronic signature, remote signature, Certification Authority services and personalization ofmicroprocessor cards (Smart Cards);
  • Digital long term preservation;
  • Backup and Disaster Recovery and related specialist assistance;
  • anagement and maintenance of servers, workstations, computer networks and related apparatus andlogic security systems;
  • Issue and management of "Digital Identity" and related authentication credentials for access to "SPID" services asan Identity Provider;
  • E-invoicing services;
  • Connectivity services.

The security, reliability and transparency of Aruba cloud services is guaranteed by compliance with CSA STAR (Cloud Security Alliance - Security Trust Assurance and Risk) principles.

View in PDF format

CSA STAR Registry

Certificate of compliance of Data Center monitoring and measurement tools, calculation procedures and methodology in accordance with the Climate Neutral Data Center Pact requirements in terms of PUE, WUE, clean energy, economy and circular energy as established by the Self-Regulatory Initiative (SRI).

Certificate of compliance for Aruba Data Centers in Bergamo (DC-A, DC-B and DC-C), Aruba Data Center in Arezzo (DC-Gobetti) and Aruba Data Center in Rome (IT4-DCA) to practices set out in the EU Code of Conduct for data center energy efficiency (2023 Best Practice Guidelines for the EU Code of Conduct on Data Center Energy Efficiency).

ISO 37001 Certification The ISO 37001 certification demonstrates our commitment to preventing and combatting any internal and external corrupt conduct within the Group, adopting a management system for the prevention of corruption in compliance with the ISO 37001:2016 standard.

View in PDF format

Anti-Bribery Policy

The ISO/IEC 27018 standard is an extension of the ISO 27001 standard which specifically relates to the management of personal data in relation to IaaS, PaaS and SaaS Cloud solutions. The management of personal data processed within our Cloud services is certified as being compliant with this international standard in terms of its technical, organizational and contractual aspects.

Below is a list of the Cloud services and Data Centers that are compliant:

Services
  • Cloud Monitoring
  • Cloud Domain Center
  • Virtual Private Cloud
  • Cloud Backup
  • Cloud Load Balancing
  • Cloud Computing (VPS/PRO)
  • Cloud Bare Metal Backup
  • Cloud Object Storage
  • IaaS per SAP Hana
 
  • Aruba PA email
  • Disaster Recovery as a Service
  • Database as a Service
  • Dedicated servers
  • Aruba Managed Hybrid Cloud (OpenShift)
  • Hosted Private Cloud
  • Unified Storage
  • Doc Fly - Substitutive Conservation
  • Digital, remote and automatic signature services
Data Center
  • IT1 - Arezzo
    Via Gobetti 96
  • IT2 - Arezzo
    Via Ramelli 8
  • IT3 - Ponte San Pietro (BG)
    Via San Clemente 53

The ISO/IEC 27017 standard defines additional, reinforced security controls to address the security measures implemented by Cloud service providers. It is therefore certified that these controls have been integrated into our Information Management system.

Below is a list of the Cloud services and Data Centers that are compliant:

Services
  • Cloud Monitoring
  • Cloud Domain Center
  • Virtual Private Cloud
  • Cloud Backup
  • Cloud Load Balancing
  • Cloud Computing (VPS/PRO)
  • Cloud Bare Metal Backup
  • Cloud Object Storage
  • IaaS per SAP Hana
 
  • Aruba PA email
  • Disaster Recovery as a Service
  • Database as a Service
  • Dedicated servers
  • Aruba Managed Hybrid Cloud (OpenShift)
  • Hosted Private Cloud
  • Unified Storage
  • Doc Fly - Substitutive Conservation
  • Digital, remote and automatic signature services
Data Center
  • IT1 - Arezzo
    Via Gobetti 96
  • IT2 - Arezzo
    Via Ramelli 8
  • IT3 - Ponte San Pietro (BG)
    Via San Clemente 53

The ISO 27035 guidelines are used to make sure that procedures for responding to security incidents and events are in line with the latest standards. With the implementation of ISO 27035, solutions have been put in place to respond to incidents promptly, communicate appropriately both internally and externally, and furthermore to learn from any vulnerabilities, thus improving the general approach to managing incidents.

Design, management, developing and provisioning of:

  • Data Center services (Dedicated Servers, Virtual Servers, Colocation, Hosting)
  • Cloud oriented solutions in IaaS, SaaS and PaaS mode
  • Certified (PEC) and conventional electronic mail
  • Digital signature and qualified signature, graphometric signature and other technological solutions of advanced electronic signature, remote signature, Certification Authority services
  • Public Key (PKI) or information security related infrastructure
  • Document Dematerialization
  • Backup and Disaster Recovery
  • ICT consultancy services and related specialist assistance event through call center.

Identity Provider for issuing and managing of digital identity and related authentication credential to access the "SPID" services.

Our ISO 45001 certification shows our commitment to developing and implementing a system for managing health and safety in the workplace across all Aruba Group companies.

ISO 50001 relates to the application of management strategies whose aim is to boost energy efficiency via useful methodologies for controlling energy use and consumption. This confirms our intention to use energy in an informed way, by optimizing the use of energy resources and adopting a sustained approach, which is then translated into economic benefits for our organization and our customers.

With reference to standards: ISO 9001 / ISO 27001 / ISO 27017 / ISO 27018 / EN 319 401 / ISO 27035 / ISO 45001 / ISO 14001 / ISO 50001

Ongoing and widespread assessment of risks and opportunities is a key part of Aruba's corporate culture. Every day, we undertake to protect and make the most of all our resources:

  • our customers and the trust that they place in us;
  • our information assets, with data centers certified at the highest levels;
  • our professionals, who boast technical and cross-disciplinary knowledge;
  • our environmental and energy resources, assets of all the countries in which we work.

This enables us to increase, day by day, the confidence of customers, workers, suppliers and the community in Aruba and in our ability to manage processes in a controlled way.

We are constantly striving to

  • make sure that our Management Systems comply with international benchmark standards;
  • fully comply with industry standards;
  • promote, share and pursue the principle of continuous improvement;
  • effectively prevent and resolve instances of non-compliance;
  • review the adequacy and effectiveness of our management systems to measure them;
  • encourage the development of in-house professional skills through training and coaching;
  • share and promote our company's goals and values with partners and third parties.

In our everyday work, we focus on specific objectives in each of the three areas that are critical to us:

The quality of our services

  • Guaranteeing the punctuality, accuracy and responsiveness of the service provided.
  • Promptly evaluating external information so that the service being delivered can always be improved.
  • Improving the efficiency, long-term repeatability and reliability of all processes, mainly by using written, and therefore definite, procedures.
  • Securing and maintaining a competitive advantage over our competitors in terms of saleability of the service and our market penetration – helped by excellent value for money – with a knock-on increase in profitability.
  • Constantly striving to meet the demands and expectations of customers/the market; these must be identified as clearly and quickly as possible, whether in writing, verbally or implied.

Data protection and privacy

  • Providing data subjects with the information needed to exercise their rights with regard to processing personal data, as stipulated by current regulations.
  • Implementing adequate technical and organizational measures to ensure that by default, only personal data required for each specific purpose is in fact processed.
  • Guaranteeing the availability of information and services, including by means of specific business continuity plans.
  • Ensure the confidentiality, integrity and availability of the data being processed.
  • Preventing the modification or loss of data.
  • Drawing up procedures for identifying and managing incidents (incident handling, data breaches) in order to respond to any potential emergencies or incidents quickly, effectively and carefully.

Respect for the environment and energy resources, for the health and safety of workers

  • Choosing the best technological solutions every time in terms of energy and environmental impact.
  • Careful and rational use of water and energy resources.
  • Promoting the recycling and recovery of the waste we produce whenever possible.
  • Moving towards alternative energy sources with a low environmental impact, reducing dependency on the use of fossil fuels, wherever possible.
  • Managing sites responsibly by carrying out our activities with a commitment to protecting the health and safety of workers and the environment.
  • Guaranteeing an efficient response to emergencies.
  • Adopting technical and administrative measures to prevent workplace illnesses and accidents, by investing in eliminating hazards at source.

The ISAE 3402 certification is the evaluation of the internal control system of organizations which provide services and is issued through a report made by independent Auditors.

The ANSI/TIA-942 regulation assesses the resilience of a data center, or rather its ability to guarantee the continuity of the provided services.
The Aruba IT1, IT3 and IT4 data centers are compliant with the highest levels (rated 4) available according to the regulation. This result, which indicates the ability to avoid service interruptions even in the event of severe failures (fault-tolerance), has been achieved thanks to a series of design and construction features which have affected all the aspects of the data center: choice of site, architectural aspects, physical security, fire extinguishing system, electrical system, mechanical system and data networks.

* The term ‘Tier’ was used in the ANSI/TIA-942 Standard until the ANSI/TIA-942:March-2014 edition. In the March 2014 edition the term ‘Tier’ has been replaced by either ‘Rated’ or ‘Rating’.

The ISO 22237 series, entitled "Data Center facilities and infrastructures" is recognised as the international benchmark standard for the entire life cycle of a data center, from strategic conception to building and operation, in line with ANSI/TIA 942 (US standard) and EN 50600 (European standard) regulations. ISO 22237 is based on an analysis of the requirements relating to issues covered in the following 7 areas:

  • ISO/IEC TS 22237-1:2018 - Part 1: General concepts;
  • ISO/IEC TS 22237-2:2018 - Part 2: Building construction;
  • ISO/IEC TS 22237-3:2018 - Part 3: Power distribution;
  • ISO/IEC TS 22237-4:2018 - Part 4: Environmental control;
  • ISO/IEC TS 22237-5:2018 - Part 5: Telecommunications cabling infrastructure;
  • ISO/IEC TS 22237-6:2018 - Part 6: Security systems;
  • ISO/IEC TS 22237-7:2018 - Part 7: Management and operational information.

Guaranteed Renewable Energy Source

Aruba S.p.A. purchases Guarantees of Origin (GO) recognized by the Manager of Energy Services (Gestore dei Servizi Energetici - GSE) certifying that that particular share of electricity is produced from Renewable Sources.

More details

CISPE Compliant - Services that comply with the CISPE data protection Code of Conduct

Aruba is the first Italian provider to be awarded the declaration of conformity to the CISPE Code of Conduct for Cloud data protection from the Bureau Veritas for the following solutions: Cloud PRO, Virtual Private Cloud, Cloud Object Storage, Cloud Backup, DBaaS, DRaaS and IaaS for SAP HANA.

CISPE (Cloud Infrastructure Services Providers in Europe), the voice of cloud infrastructure as a service providers in Europe, designed this code of conduct for General Data Protection Regulation (GDPR) to be able to certify the solutions of its members and guarantee quality standards for its customers.

Aruba cloud services offer their users the guarantee of certified security and transparency, are compliant with the CISPE Code of Conduct and recognized by a hallmark that offers its customers and citizens the freedom to store and manage their data within the European Economic Area.

This same hallmark guarantees that the Cloud service provider does not access or use customer data for its own purposes, such as data mining, data profiling or direct marketing.

The cloud services that comply with this Code are listed in the CISPE Public Register