Certification and compliance

Our solutions are compliant with all relevant national and international regulations. Learn more about our certifications and accreditations below.

Find out more

introducing the aruba pec and actalis certification authorities

Our certification authorities, Aruba PEC and Actalis, are AgID accredited as CA managers. Together, they’ve been offering products and services to public and private organisations for over a decade. Their portfolio includes digital signature services, certified email, compliant digital storage, and authentication and certification solutions.

Find out more about our certifications

eu eidas regulation

The EU’s electronic Identification Authentication and Signature (eIDAS) regulation sets out common rules and conditions for electronic signatures, web authentication, and related trust services for electronic transactions. The regulation creates a legal and technical framework based on the principle of technological neutrality, ensuring EU interoperability for trust services, identification, and authentication.

Our eIDAS accreditations

910/2014 Accreditation

Our timestamp and certification products and services are fully compliant with EU eIDAS Regulation 910/2014, in which we’re listed as a qualified trust service provider. in accordance with the following norms:

ETSI EN 319 401, ETSI EN 319 411-1, ETSI EN 319 411-2, ETSI EN 319 412-1, ETSI EN 319 412-2, ETSI EN 319 412-3, ETSI EN 319 412-5, ETSI EN 319 421, ETSI EN 319 422

ACN and AgID qualification

Aruba PEC S.p.A. is registered on the following Marketplaces:

AgID - Marketplace of preservation services
ACN Cloud Marketplace: DocFly – Compliant Digital Preservation

ETSI EN 319 401 accreditation

We’re compliant with ETSI EN 319 401 for the provision of SPID digital identification trust services, which are provided in accordance with the Prime Ministerial Decree of 24 October 2014, and the technical requirements defined by Implementing Regulation (EU) 2015/1502 of the Commission, Art. 24 of eIDAS Regulation (EU) 910/2014.

PSD2 Compliance

We are Qualified Trust Service Providers with our CA Actalis and Aruba PEC provision for the supply of QWAC and QSealC services (source: Konsentus)

ICANN accreditation

Aruba S.p.A. is accredited with the Internet Corporation for Assigned Names and Numbers (ICANN), the international body responsible for safeguarding the operational stability of the Internet, promoting market competition in the domain name business, and representing the interests of the Internet community.

our quality, energy, security, and product certifications

ISO 9001

Quality
management

ISO 14001

Certified environmental management

ISO 22237

Data center facilities and infrastructures

ISO 27001

Information
security

ISO 37001

Management system for the prevention
of corruption

ISO/IEC 27017

Cloud security
controls

ISO/IEC 27018

Managing personal data in the cloud

ISO/IEC 27035

Managing security incidents and events

ISO 45001

Occupational Health and Safety Management System

ISO 20000-1

Management of Information Technology services

ISO 22301

Business continuity
management

ISO 50001

Energy management
system

ISAE 3402

Control system for business processes

ANSI/TIA 942 Rating 4

Infrastructure quality and resilience

Renewable Energy Guarantee of Origin Certificate

More details

CISPE-declared services

We’ve declared our services as compliant with the CISPE code of conduct for data protection

Cloud for PA

Cloud service provider type C

for IaaS and SaaS services

CSA STAR Level 2

The security of cloud services is guaranteed by compliance with CSA STAR (Cloud Security Alliance - Security Trust Assurance and Risk) principles.

Climate Neutral Data Center Pact (CNDCP) Membership Certificate

Compliance certificate for Code of Conduct on Data Center Energy Efficiency

CISPE Compliance

Aruba is the first Italian provider to be awarded the declaration of conformity to the CISPE Code of Conduct for cloud data protection. You can find our services in the CISPE Public Register.

CISPE is the voice of cloud infrastructure as-a-service providers in Europe. The group has designed a code of conduct to certify its members’ solutions and guarantee that customers receive a high-quality service.