CC&G has achieved ISO 22301:2012 and ISO/IEC 27001:2013 certifications for its Business Continuity and Information Security Management System, adding a further badge of excellence among industry players and additional reliability to customers and stakeholders of CC&G's services.

The project began in 2016 with the objective of improving the adoption of the Group Business Continuity Framework against an international standard recognised by organisations and regulators as best practice in the market.

The decision to certify CC&G's Business Continuity and Information Security Management System was driven by the wish to have a third-party Certification Body assess CC&G's capability to ensure compliance with rules and expected service levels.

ISO 22301:2012 - Business Continuity Management System

ISO 22301:2012 is the international standard for business continuity management. It specifies requirements for setting up and managing an effective Business Continuity Management System (BCMS).

Cassa di Compensazione e Garanzia (CC&G) holds Certificate No: IT292997 and operates a Business Continuity Management System which complies with the requirements of ISO 22301:2012 for the following scope:

Regulated processes supporting CC&G’s institutional activities, with a specific focus on CP and Risk Management services.

  • PDF: ISO 22301:2012, English version, 15/03/2021: /sites/default/files/2021-03/ISO%2022301%20EN.pdf

ISO/IEC 27001:2013 - Information Security Management System

ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.

Cassa di Compensazione e Garanzia (CC&G) holds certificate N. IT298300 and operates an Information Security Management System which complies with the requirements of ISO/IEC 27001:2013 for the following scope:

The Information Security Management System for regulated processes supporting CC&G's institutional activities, with a specific focus on CCP and Risk Management services.

  • PDF: ISO/IEC 27001:2013 - Information Security Management System, English version, 15/03/2021: /sites/default/files/2021-03/IT%20298300_0.pdf
  • PDF: CC&G Information Security Controls, English version, 15/03/2021: /sites/default/files/2021-04/4531%20-%20CCG%20SoA%20v1.0.pdf

ISAE 3402 Type II

Cassa di Compensazione e Garanzia (CC&G) recently obtained the 'International Standard on Assurance Engagements (ISAE) 3402 Assurance Reports on Controls at a Service Organisation Type II', a standard for documenting a service organisation's internal controls. ISAE is part of the International Federation of Accountants (IFAC).

What is ISAE 3402?

ISAE 3402 is an assurance standard that was developed to allow public accountants to issue a report for use by user organisations and their auditors. It looks at the controls within a service organisation that are likely to impact or be a part of the user organisation's system of internal control over financial reporting.

Additionally, the ISAE 3402 Assurance Report is issued by independent auditors who are responsible for evaluating the description, design and operational effectiveness of best practice controls.

Verification against the standard refers to a COBIT (Control Objectives for Information and related Technology) framework that was based on documents presenting CC&G's control system for providing IT services to user organisations.

What does this mean for CC&G?

The assurance report and the thorough nature of the audit by user organisations have recognised CC&G as improving its governance processes and have helped to create an increased awareness of the services it provides.

  • PDF: ISAE 3402 Type II, English version, 15/03/2021: /sites/default/files/2021-03/781%20%20Bureau%20Veritas2_0.pdf