Meeting and exceeding the expectations of BravoSolution customers, shareholders, employees and suppliers is the foundation of our success. BravoSolution focuses on delivering high quality standards and processes for safety, reliability and delivery. This commitment is reinforced with certifications and accreditations awarded internationally to BravoSolution.
BravoSolution Security Director Marco Argilli explains the benefits of a certified solution for IT Services Management (ISO 20000-1), Security (ISO 27001) and Business Continuity (ISO 22301).
ISO/IEC 27018 is the code of practice for protection of Personally Identifiable Information (PII) in public clouds acting as PII processors, and it focuses on protecting the personal data in the cloud.
The BravoSolution Privacy Management System is included in the more general ISO Integrated Management System adopted by BravoSolution according to the ISO/IEC 20000-1 (Service Management System), ISO/IEC 27001 (Information Security Management System) and ISO 22301 (Business Continuity Management System) standards. ISO/IEC 27018 augments existing ISO/IEC 27001 controls with specific items for cloud privacy, and provides completely new security controls for personal data.
Through the adoption of a Privacy Management System, BravoSolution meant to pursue the following relevant objectives concerning Governance, Compliance and Risk Management (“GRC Objectives”):
- Identify all privacy safeguarding requirements to fulfil in order to protect personally identifiable information (PII) related to customers and other privacy third parties processed by BravoSolution (“Compliance Objective”);
- Assess all privacy risks in order to protect against privacy breaches, both reducing the likelihood of occurrence and mitigating the impacts caused by their materialization (“Risk Management Objectives”);
- Establish roles and responsibilities concerning processing of PII and provide related addressing (“Governance Objectives”).
The BravoSolution Privacy Management System assures that all information classified as “Personally Identifiable Information” (PII) is managed according to the proper statutory and regulatory requirements in every country where BravoSolution operates, and guarantees to existing and potential customers that their data is safeguarded and won’t be used for any purposes for which they don’t specifically give consent.
ISO/IEC 27018 certification provides a unique advantage for BravoSolution customers: the assurance that information is treated in a safe, trusted and reliable way.
The ISO22301 standard specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence of, prepare for, respond to, and recover from disruptive incidents when they arise.
This certification – assigned by Intertek, UKAS member – allows BravoSolution to be prepared in the face of significant disruptions from outside threats such as a natural disaster or information security breach. Compliance with ISO22301 ensures that BravoSolution can identify and proactively visualize the threats the company is vulnerable to, prioritize those risks and implement preventative measures to fix the situation as soon as an issue arises.
Through the adoption of a Business Continuity Management System, BravoSolution means to pursue the following relevant objectives:
- Ensure the fulfilment of SLAs agreed with customers, as far as business continuity is concerned;
- Increase BravoSolution resilience to disruptive events;
- Protect against disruptive incidents, both reducing the likelihood of occurrence and mitigating the impacts caused by their materialization;
- Recover from disruptive incidents when they arise;
- Identify all requirements to fulfil in order to protect personnel, premises, technology, information, supply chain, interested parties and company reputation from disruption events;
- Effectively manage disruption consequences in case an incident occurs and avoid unacceptable impacts
This new ISO22301 certificate has been obtained on the integrated system already certified to ISO20000-1 and ISO27001.
This means that BravoSolution is able to provide:
- Guaranteed Service Levels – Performance, Maintenance, Continuity
- Certified Information Security – Confidentiality, Availability, Integrity
ISO20000-1 certification – assigned by Intertek, UKAS member – allows BravoSolution to prove excellence and best practices adopted in the project, provision and maintenance of BravoSolution SaaS (Software as a Service) and BravoSolution EAA (Enterprise Application Appliance) solutions for enterprise supply management processes.
ISO20000-1 is an international standard for IT service management that includes the design, transition, delivery and improvement of services that fulfill service requirements and provide value for both the service provided and for the third parties (customer, supplier, etc.). This standard ensures BravoSolution can achieve evidence-based benchmarks to continuously improve solutions delivery to the customer base.
The adoption of ISO 20000-1 has recently grown in the international market of IT service providers and it has become a competitive differentiator, especially when, as BravoSolution did, it is set up as an integrated system with ISO27001, the information security standard.
The BravoSolution Information Security Management System has been assessed and found compliant with the requirements of ISO/IEC 27001, the worldwide standard for data management security.
The certification scope is the BravoSolution Information Security Management System supporting the provision of SaaS (Software as a Service) and EAA (Enterprise Application Appliance) solutions for Enterprise supply management process.
The accreditation – assigned by Intertek, UKAS member – confirms that the clients’ sensitive data are managed in accordance with the strict certification requirements in terms of privacy, integrity and availability. Please consider that the evaluation process includes 114 check parameters, relating to the organizational and infrastructural components supporting our solutions. This is an important result that confirms BravoSolution SaaS (Software as a Service) and BravoSolution EAA (Enterprise Application Appliance) are compliant with the highest standard for data management security.
The accreditation UNI EN ISO 9001:2008 highlights the quality of business processes and client relationship management within BravoSolution for the following fields of application IAF 35-33: Design and provision of supply management solutions through web-based software and related consultancy activity and professional services in support of enterprise sourcing and procurement processes.
This certification takes an in-depth look at the way in which businesses operate, paying particular attention to customer requirements, satisfaction, communication, consistency of process/approach, and the continuous improvement of efficiency and quality.
The BravoSolution Supply Management Suite is certified for integration with SAP ERP. Such an acclaimed recognition is a guarantee of the full compatibility of the BravoSolution suite with SAP ERP. This feature assures integrated data management in relation to the sourcing process. Procurement-related information is exchanged automatically, allowing the full traceability of all processes. Such a result is another feather in the cap for BravoSolution technology, which is in a position to respond to the demands of businesses through its performance in line with the most discerning market standards.
The Crown Commercial Service (CCS) brings together policy, advice and direct buying, providing commercial services to the public sector and saving money for the taxpayer. The new Government Security Classification Policy came into force on 2 April 2014 and describes how HM Government classifies information assets to ensure they are appropriately protected. It applies to all information that government collects, stores, processes, generates or shares to deliver services and conduct business.
This certificate states that the BravoSolution Enterprise Sourcing Platform (ESoP) has appropriate risk management measures in place to allow processing of OFFICIAL information and that the CCS SIRO accepts this assessment.