Since December 19th, 2019, the certifications obtained by Lepida - ISO 9001 (quality management system) and ISO/IEC 27001 (information security management system) - include all personnel, locations, processes and services of the organisation. This concluded a challenging effort that continued throughout 2019, extending the scope of the certifications previously obtained by LepidaSpA to all the assets of the new LepidaScpA, created by the merger between LepidaSpA and CUP 2000 ScpA.
To give an idea of the extent of the work done, the staff included in the scope has grown from 75 to over 600 people and the company offices from 5 to 10. The scope of application for both certifications is now worded as follows: "Design, development, implementation, delivery, maintenance, service and management of: telecommunications networks and connectivity services; datacenter infrastructures and services (also in IaaS mode with the use of the guidelines ISO/IEC 27017 and ISO/IEC 27018); application platforms and services, including the SPID (Public Digital Identity System) Identity Provider service; technical, managerial, administrative and organizational services in the health and social-health sector, in favor of citizens, companies, local Public Administrations (PAs) and the Regional Health System". The offices include all three regional datacenters set up and managed by Lepida.
The maintenance of the ISO 9001 and ISO/IEC 27001 certifications, and the extension of the latter with the guidelines ISO/IEC 27017 (security in cloud services) and ISO/IEC 27018 (privacy in cloud services), were of particular importance this year, since they are among the requirements for obtaining the qualification as Cloud Service Provider (CSP): Lepida is applying to the Agency for Digital Italy (AgID) in order to be included in the Cloud Marketplace of the PA. The new certifications correspond to the requirements indicated by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). They are adopted worldwide and do not refer to a specific product sector; instead, they indicate a series of general requirements that each organization can implement in its own industry to increase the quality of its processes, improve the security of people and information, and promote customer satisfaction.