WESTPOLE has been accredited by AgID as a Cloud Service Provider (CSP) to provide Cloud services to Public Administrations.
The qualification obtained is “CSP type C”, i.e. with an infrastructure capable of providing IaaS, PaaS and SaaS level services, guaranteeing security, reliability, high performance, flexibility, interoperability and regulatory compliance.
From 1 April 2019, Public Administrations will be able to acquire only Cloud services qualified by AgID and published in the Cloud Marketplace.
WESTPOLE has been present since 13-03-2019 in the list of companies which have, to date, obtained this qualification and which is available for reference at the following address.
ISO/IEC 20000-1:2011 Service Management
WESTPOLE has chosen to introduce into the company a Service Management System in accordance with ISO/IEC 20000-1:2011, in order to maintain and improve the alignment and quality of business services provided in relation to customer requirements, through a constant cycle of monitoring, reporting and review of agreed SLAs.
The Service Management System has been developed in order to implement and achieve the following strategic objectives:
The development of a corporate culture on service quality issues, based on risk-based thinking;
The improvement of infrastructures and process efficiency with a view to increasing customer and stakeholder satisfaction;
The continuous innovation of the technological solutions offered and of the IT services;
The definition of architectures and infrastructure and application standards, ensuring their effective applicability and functionality to operational needs;
The respect of explicit and implicit contractual commitments;
Cost control to be able to meet business objectives and contractual commitments;
Focus on customer communication;
Preservation of the company’s image as a reliable and competent supplier, and therefore: increase in the number of customers, increase in turnover, territorial expansion of the company and entry into new market areas.
ISO/IEC 27001:2013 Information security with extension to ISO/IEC 27017:2015 Information security in Cloud Services and ISO/IEC 27018:2019 Protection of personal data in Cloud Service Guidelines
WESTPOLE’s mission is to provide its customers with IT solutions and services that meet the highest international standards and mandatory regulations on information security and in full compliance with the requirements indicated by these. To achieve this result, the Management considers it of fundamental importance to direct the organisation towards a total security management aligned with the context of ICT risks within which the implementation and maintenance of the Information Security Management System (ISMS) takes place.
The ISMS has been developed by WESTPOLE in accordance with the International Standard UNI CEI ISO/IEC 27001:2013, Sectors EA 33 and EA35, with an extension to the ISO/IEC 27017:2015 (Information Security in Cloud Services) and ISO/IEC 27018:2019 (Protection of Personal Data in Cloud Services) Guidelines in order to systematically implement and achieve the following strategic objectives:
Obtain and maintain certification of compliance with the ISO standards of the ISMS from an accredited certification body;
Define control objectives and controls to meet the requirements identified by the information security risk assessment and processing processes;
Preserve the company’s image as a reliable and competent supplier in the best possible way;
Protect in the best possible way our own information assets and those of our customers, with particular regard to Personal Data;
Optimise delivery processes;
Adopt measures to ensure the loyalty of staff and their professionalism;
Fully comply with the indications of current and mandatory legislation;
Guarantee to its customers compliance of provided Services with the European Regulation 679/2016 (GDPR);
Plan, act, verify and improve the ISMS of services for the benefit of the customer by exploiting available technological innovations;
Increase the level of sensitivity and competence of its staff on security issues;
Involve and raise awareness among all staff on the application and improvement of the ISMS.
Information security goals are expressed in the WESTPOLE Information Security Policy document, which is part of the Integrated Management System (IMS) certified by the DNV-GL Certification Institute.
UNI EN ISO 9001:2015 Quality Management Systems
WESTPOLE has adopted a Quality Management System in accordance with UNI EN ISO 9001:2015, Sectors EA 33 and EA 35, aimed at meeting the business objectives of:
Quality in the supply of HW and SW products, with emphasis on responsiveness, timeliness and completeness of deliveries and price competitiveness;
Quality as regards supplied product assistance, with particular attention to reactivity to the requests and to making the time needed to solve problems as short as possible;
Quality of the software packages, with the offer of technologically innovative solutions in selected application areas, with a complete range of functions and a high level of reliability;
Quality of the services provided, with recognised professionalism as regards operational start-up of the solutions sold and continuous willingness to understand, anticipate and promptly meet the needs of the customer.
Quality objectives are expressed in the WESTPOLE Quality Policy document, which is part of the Integrated Management System (IMS) certified by the DNV-GL Certification Institute.
The quality management system is also a guarantee of reliability of production processes for customers, suppliers, employees and collaborators.
UNI EN ISO 14001:2015 Environmental Management System
WESTPOLE is aware of the importance of the company’s behaving responsibly with regard to environmental issues. For this reason, it has adopted an Environmental Management System in compliance with the standard UNI EN ISO 14001:2015, Sectors EA 33 and EA 35, with the aim of achieving the following strategic business objectives:
Compliance with national and international environmental regulations;
Awareness of the importance of the environmental requirements of processes and management responsibilities;
Development of a corporate culture on pollution prevention issues, based on risk-based thinking;
Improvement of infrastructure and process efficiency with a view to improving environmental performance;
Focus on environmental communication with stakeholders;
Improving the company’s image as a partner attentive to the environmental sustainability of its processes.