Globe English arrow down

Certification authority and compliance

We make it a priority that our solutions comply with national and international regulations. This is why we have a large number of certifications and accreditations allowing us to ensure enterprise-level services.

Find out more

A long history of working alongside enterprise thanks to our aruba pec and actalis certification authorities

We have built up extensive experience in offering trust services, based on our Certification Authorities, Aruba PEC and Actalis. Both of these Aruba Group companies are AgID accredited as PEC (certified email) and CA managers, and have been offering products and services aimed at businesses, both public and private, for over ten years, including digital signature services, certified email, compliant digital storage, and authentication and certification solutions.

Find out more about our certifications

The eidas european regulation

eIDAS - "electronic IDentification Authentication and Signature", the European Regulation laying down the conditions for mutual recognition in the field of electronic identification and common rules for electronic signatures, web authentication and related trust services for electronic transactions. The Regulation creates a new legal and technical framework based on the principle of technological neutrality, making it possible to identify the specific framework of reference standards to ensure the interoperability across the EU of trust services, identification and authentication.

Our eIDAS accreditations

910/2014 Accreditation

Compliance with the requirements stipulated by eIDAS Regulation (EU) 910/2014 for Qualified Trust Service Providers for the following services:
  • Issuing timestamps
  • Certification Authority
in accordance with the following norms: ETSI EN 319 401, ETSI EN 319 411-1, ETSI EN 319 411-2, ETSI EN 319 412-1, ETSI EN 319 412-2, ETSI EN 319 412-3, ETSI EN 319 412-5, ETSI EN 319 421, ETSI EN 319 422

Compliance with Art. 24 of eIDAS Regulation (EU) 910/2014

As defined in ACCREDIA's Accreditation Circular no. 5/2017 and assessed according to the Checklist (V.1 of 14 April 2017) compiled by AgID for the Provision of Trust Services by Custodians in accordance with the Law.

ETSI EN 319 401 accreditation

Compliance with ETSI EN 319 401 for the provision of SPID digital identification trust services provided in accordance with the Prime Ministerial Decree of 24 October 2014, the technical requirements defined by Implementing Regulation (EU) 2015/1502 of the Commission, Art. 24 of eIDAS Regulation (EU) 910/2014.

PSD2 Compliance

We are Qualified Trust Service Providers in the OBE Directory with our CA Actalis and Aruba PEC provision for QWAC and QSEALs services.

ICANN accreditation

Aruba S.p.A. is accredited with ICANN - Internet Corporation for Assigned Names and Numbers - the international body responsible for safeguarding the operational stability of the Internet, promoting competition of domain names at market level, ensuring the highest level of representativeness of the Internet community and developing policies consistent with its mandate through participatory and consensual processes.

We offer services certified for quality, energy, security and product

ISO 9001

Quality management

ISO 14001

Certified environmental management

ISO 27001

Maximum information security

ISO/IEC 27017

Cloud security controls

ISO/IEC 27018

Managing personal data on the Cloud

ISO/IEC 27035

Managing security incidents and events

ISO 50001

Energy management system

ISAE 3402

Control system for business processes

ANSI/TIA 942 Rating 4

Infrastructure quality and resilience

Certificate Guaranteeing Energy from Renewable Sources

CISPE Service Declared

Services signed up to the CISPE Code of Conduct for data protection

Cloud for PA

Cloud Service Provider (CSP) type C

IaaS and SaaS services

CISPE Compliance

Aruba is the first Italian provider to be awarded the declaration of conformity to the CISPE Code of Conduct for Cloud data protection from the Bureau Veritas for cloud services entered in the CISPE Public Register.

CISPE (Cloud Infrastructure Services Providers in Europe) is the voice of providers of cloud infrastructure as-a-service in Europe and designed this code of conduct for General Data Protection Regulation (GDPR) to certify the solutions of its members and guarantee quality standards for its customers.