ACCREDITED
Inveo
Certification
We are a certification body accredited by Accredia (Accreditation body designated by the Italian government under Reg. 765/2008/EC) in the field of data protection activities, against the ISO/IEC 17065:2012 standard.
Accredited for voluntary, and unregulated, certification of compliance with applicable regulations, including GDPR, for ISDP©10003 (GDPR compliance assessment) and SGCMF©10002 certification schemes - compliance of pharmaceutical companies' health care professionals' records with the combined provisions of EU Reg. 2016/679 and 219/06.
The independence and expertise gained by our Lead auditors in the field, coupled with the establishment of procedures for issuing, reviewing and withdrawing certifications as well as facilities for handling complaints related to certification violations, enable INVEO CERTIFICATION to position itself as a state-of-the-art certification body.
The independence and expertise gained by our Lead auditors in the field, coupled with the establishment of procedures for issuing, reviewing and withdrawing certifications as well as facilities for handling complaints related to certification violations, enable INVEO CERTIFICATION to position itself as a state-of-the-art certification body.
BENEFITS
ACCREDIA through accreditation therefore ensures that they are complied with:
IMPARTIALITY
Representation of all stakeholders within the body
INDEPENDENCE
GDPR auditors and certification/reporting committees ensure that there are no conflicts of interest with the company to be certified
CORRECTNESS
Ensure that the activities of separate legal entities with which Inveo has relations, does not compromise the impartiality of its activities
COMPETENCE
Accreditation primarily certifies that the personnel engaged in verification activities are culturally, technically and professionally qualified.
Certification is an Accountability tool. The entry into force of EU Reg. 679/2016, revolutionized the concept of "Accountability" (Accountability) of the Data Controller (art.5.2) by providing the latter with new and valuable tools to support the demonstration of compliance with the regulation (art.24).
Certification is a tool to measure yourself, to optimize your internal management system and privacy system, and to demonstrate that you have become aware of your "level of personal data governance" and have implemented technical and organizational measures to comply with current data protection regulations.
WHAT IS CERTIFICATION?
Certification (Article 42 of the GDPR) is a voluntary tool for assessing and demonstrating one's compliance with the European regulation on the processing of personal data.
Article 42 identifies the obvious task that the GDPR places on member states, supervisory authorities, the committee and the commission to "encourage" the use of certification mechanisms.
Certification does not absolve controllers and supervisors from their GDPR obligations, but it is a safeguard to the data subject on compliance with processing and a mitigating factor in the event of any sanctions.
Certification does not absolve controllers and supervisors from their GDPR obligations, but it is a safeguard to the data subject on compliance with processing and a mitigating factor in the event of any sanctions.
Why should I certify myself?
Because Data Controllers and/or Processors within certified products/processes and services substantiate assurances to themselves, the market and regulators.
The certification shows that the owner or responsible:
Work according to standard
Demonstrates Accountability
Demonstrates to the Supervisory Authorities that it has voluntarily performed an act of due diligence
Has safe, documented and standardized procedures.
Ensures confidence of stakeholders.
WHAT CAN I CERTIFY?
All processes of processing of personal data that the owner and manager carry out as part of the products, processes and services, made or otherwise provided, subject to the regulation of national and European privacy standards.
MANAGEMENT SOFTWARE • ENTERPRISE PRIVACY MANAGEMENT PROCESSES • DATABASES • WEB PORTALS • VIDEO SURVEILLANCE TOOLS
WHAT TYPES
OF CERTIFICATIONS?
Aspecific Certifications
Certification schemes that (ISO 9001, ISO 25024, ISO 27001, ISO 27018, etc.) are based on international standardization standards. We can call them non-specific, precisely because of their partiality of coverage and type of accreditation required.
In any case, they represent a "best practice" for demonstrating compliance with individual processes called out by the GDPR.
In any case, they represent a "best practice" for demonstrating compliance with individual processes called out by the GDPR.
Specific Certifications
Certification schemes defined from the set of provisions (articles and recitals) of the GDPR and following the obligation of certification for products, processes and services (ISO/IEC 17065).
So they are certifications that incorporate all the controls required even by the particular areas covered by the aspecific certification standards.
So they are certifications that incorporate all the controls required even by the particular areas covered by the aspecific certification standards.
INVEO CERTIFICATIONS
GDPR Certification ISDP©10003
Created to meet the rules operational since 2018 and born out of the need to assess compliance with the GDPR. The ISDP©10003 scheme is applicable to all owners and managers within the products, processes and services, implemented or otherwise provided that want to demonstrate their Accountability and specifies the requirements for the management in fairness, security and compliance of personal data of natural persons with regard to the processing of personal data and the free movement of the same.
The outline provides principles and lines of control for a comprehensive assessment of GDPR compliance of the owner's or manager's internal processes regarding the protection of personal data with particular reference to the proper management of risks.
The outline provides principles and lines of control for a comprehensive assessment of GDPR compliance of the owner's or manager's internal processes regarding the protection of personal data with particular reference to the proper management of risks.
Certification of processes for handling personal data in clinical trials
The scheme stems from the need to protect the personal data of all those subjects who participate in clinical trials, aimed at discovering the effects of drugs and their adverse reactions. Indeed, in some cases, given the distance of the subjects outside the company, the circulation of information and biological samples can be quite complex and insecure.
SGCMF©10002 Pharmaceutical Certification
SGCMF©10002 is a scheme aimed at assessing the compliance of the records of health care professionals visited by pharmaceutical companies with the combined provisions of 219/06 regulating the advertising of medicines and current data protection regulations.
Farmindustria code of ethics certification
The certification aims to ensure that the system implemented by pharmaceutical companies complies with the requirements defined by the regulations and the Code. The scheme is not limited to compliance with the Code of Ethics, but obliges pharmaceutical companies to operate in full transparency and according to behavioral norms.
Would you like to get clarification on the most suitable certification path for your company?
Press release Certification
Released Rev 01 of ISDP©10003:2020
Rev.01 of ISDP©10003:2020 has been released.
Magazine
GDPR Certification - The Guarantor's FAQ
In a joint Accredia-Guarantor effort, useful FAQs were published today to help understand what GDPR certification is, how it should be understood and how to apply it, and its benefits in terms of accountability.
Press release Certification
RELEASE NEW VERSION OF ISDP©10003:2020 SCHEME FOR GDPR COMPLIANCE ASSESSMENT
INVEO srl, as scheme owner, announces that the new version of the certification scheme ISDP©10003:2020, an international scheme for assessing compliance with the European Regulation 2016/679 (GDPR), already accredited by Accredia on a voluntary basis, according to ISO/IEC 17065, has been released. The scheme is freely downloadable online.
Magazine
GDPR CERTIFICATION, ANOTHER CERTIFICATION
Every person has the right to the protection of personal data concerning him or her, and the task of Regulation (EU) 2016/679 is the protection of natural persons.
Press release Certification
ISDP©10003. The GDPR certification scheme in free download
ADNkronos, Dec. 12, 2019. The ISDP©10003:2018 certification scheme, accredited by Accredia (Single Accreditation Body under Art. 2fdecies Legislative Decree 101/2018) according to the UNI EN ISO 17065 standard, in order to assess compliance with the GDPR is now available free of charge at www.in-veo.com
Made to respond to the operational rules since 2018, the ISDP©10003 scheme is voluntary and applicable to all types of organizations that want to demonstrate their Accountability by specifying requirements for the management in fairness, security and compliance of individuals' personal data with regard to the processing of personal data and the free movement of personal data. The ISDP©10003 certification scheme, provides assurance that the organization has carried out processing and compliance operations in accordance with the GDPR.
Press release Certification
European Commission promotes ISDP©10003
The European Commission's Study on GDPR certification mechanisms ex art.42 and 43, which came out in final version in the past few days, highlights that ISDP©10003 is among the 15 best certification schemes internationally and one of the two that are compliant with the purpose set out in art. 42 of the GDPR.