finger on a search engine with "management system" written

Certification of Management Systems

The certification of management systems is the appropriate recognition of your business skills that attests to the effectiveness of your company's organisation, through efficient management, suitable structures and adequate skills: a guarantee of reliability for your customers, suppliers, employees and collaborators.
Choosing Apave Certification Italy means relying on a certification body that is able to understand and meet the needs of its customers and their markets in multiple sectors, enhancing internal resources and business processes with a view to improving service.

Certification of

Quality Management System - ISO 9001

Today, the concept of quality has evolved from a system stiffened by excessive formalism to a quality management system more focused on the effectiveness and efficiency of the company's organisational processes. An increasing number of companies have chosen to system certifications according to the ISO 9001 standard, with the aim of ensuring compliance with contractual requirements by implementing management models to improve performance.


Quality management in a national, European and international context is a way of working and strategically managing one's own company in order to increase competitiveness and success.



ISO 9001 certification is used in both the private and public sectors to increase confidence in the products and services provided by companies; in business partners when dealing with business-to-business relationships; in the choice of suppliers in supply chains; and in the selection of participants in tenders.

The sectors involved are:

  • IAF02: Mining of minerals (quarries, mines and oilfields)
  • IAF15: Products from the processing of non-metallic materials (e.g. bitumen)
  • IAF16: Lime, gypsum, concrete, cement and related products
  • IAF17: Metals and their alloys, manufacture of metal products
  • IAF19: Electrical and optical equipment
  • IAF24: Recycling
  • IAF28: Construction companies, Installers of installations and services
  • IAF29: Wholesale, retail; repair of motor vehicles, motorbikes and personal and household products
  • IAF31: Transport, logistics and communications >>NEW<<
  • IAF33: Information technology
  • IAF34: Technical consultancy, engineering
  • IAF35: Professional business services
  • IAF37: Education

All this requires the company to tailor the quality management system to its business and production reality, in order to:

  • Optimise and rationalise the management of its products and services
  • Effectively and efficiently control the design (if applicable) and production and/or construction activities
  • Constantly monitor the adequacy of the human and economic resources invested with respect to legislative requirements as well as contractual requirements


The certification of a company’s quality management system by a third-party certification body (such as Apave Certification) is an element of prestige and growth for the company itself.

Picto pdfRules for the certification of Quality Management Systems (italian version)

The Accreditation Certificate no. 0107MS according to UNI CEI EN ISO/IEC 17021-1 for the "Certification of Quality Management Systems" in compliance with UNI EN ISO 9001:2015 in IAF sectors:

  • 02: Mining and quarrying
  • 15: Non-metallic mineral products
  • 16: Lime, gypsum, concrete, cement and related products
  • 17: Metals and metal products
  • 19: Electrical and optical equipment
  • 24: Recycling
  • 28: Construction
  • 29: Wholesale, retail; repair of motor vehicles, motorbikes and personal and household goods
  • 31: Transport, logistics and communication
  • 33: Information Technology
  • 34: Engineering studies
  • 35: Other services
  • 37: Education

Certification of quality management systems of engineering companies for design checks of works for validation purposes, in accordance with Technical Regulation RT-21 (Sector IAF 34).
Certification of management systems for road safety in accordance with UNI ISO 39001:2016.
Certification of management systems for the prevention of corruption in compliance with ISO 37001:2016.

Certification of

Environmental Management System - ISO 14001

green grass
green grass

Obtaining environmental certification represents the achievement of an extremely important objective for the organisation itself, both in terms of greater qualification for clients and, above all, greater optimisation of the production process covered by the certification.

The purpose of an Environmental Management System (EMS) certification is to ascertain, by means of an initial audit and subsequent maintenance audits, that the organisation operates in compliance with the UNI EN ISO 14001 standard. The audits carried out by Apave Certification do not replace, nor are they connected with those carried out by the competent public authorities.

The certification process adopted by Apave Certification provides for audits to be carried out over a three-year period, which allows a document of conformity to be issued after the first certification audit, the validity of which is subject to successful maintenance audits.

Picto pdfRules for the certification of Environmental Management Systems (italian version)

The Accreditation Certificate no. 0107MS according to UNI CEI EN ISO/IEC 17021-1 for the "Certification of environmental management systems" in compliance with UNI EN ISO 14001:2015 in IAF sectors:

  • 02: Mining and quarrying
  • 24: Recycling
  • 28: Construction
  • 31: Transport, logistics and communications
  • 34: Engineering services
  • 35: Other services

Certification of

Occupational Health and Safety Management System - ISO 45001

The Certification of an Occupational Health and Safety Management System (OHSMS) offers several advantages that the organisation can benefit from, for example:


  • Continuous and effective verification of the adequacy of the structure’s conduct with respect to the provisions of the law and the objectives defined by management
  • Implementation of accident prevention systems with a view to continuous improvement
  • Adoption and implementation of systems and measures to ensure that all organisations involved in the execution of commissioned works comply with the legal requirements on safety and health protection


The voluntary certification of this system enables the respective company to externally and internally highlight management’s continuous commitment to the prevention of accidents for those involved in the implementation of the works.


The structure of a safety management system can be traced back to what has already been developed for other schemes (QMS and EMS), ensuring greater optimisation of human and economic resources in the development of an Integrated Management System that complies with all three schemes.

The purpose of the certification of an OHSMS is to ascertain, through an initial audit and subsequent maintenance audits, that the organisations applying for certification are operating in accordance with the UNI ISO 45001:2018 standard.

Audits carried out by Apave Certification shall not replace or be connected with audits carried out by competent public authorities.


The certification process, adopted by Apave Certification, provides for audits to be carried out over a three-year period and allows for the issue, following an initial certification audit, of a document of conformity, the validity of which is subject to successful maintenance audits.

There are several features that harmonise ISO 45001 with other management system standards, such as ISO 9001 and ISO 14001. ISO 45001 adopts the same structure and incorporates certain new features, such as the risk-based approach, analysis of the context in which the organisation operates, active participation of top management and consultation and participation of workers.


On 12 March 2018, the certifiable ISO standard on Occupational Health and Safety Management Systems was published, the Italian language adoption of which is UNI ISO 45001:2018 'Occupational health and safety management systems - Requirements and guidance for use'.

Therefore, from 30 September 2021, certifications issued against BS OHSAS 18001:2007 will no longer be recognised.


Picto pdfRules for the certification of Occupational Health and Safety Management Systems (italian version)


The Accreditation Certificate n. 034F pursuant to the UNI CEI EN ISO/IEC 17021- 1 for the "Certification of occupational health and safety management systems" in compliance with the UNI ISO 45001:2018 standard in the IAF sectors:

  • 02: Mining and quarrying
  • 15: Non-metallic mineral products
  • 16: Lime, gypsum, concrete, cement and related products
  • 24: Recycling
  • 28: Construction
  • 31: Transport, logistics and communications
  • 34: Engineering services
  • 35: Other services

Certification of

Information Security Management System - ISO 27001

An Information Security Management System (ISMS) compliant with the ISO/IEC 27001:2013 standard is the internationally recognised means by which an organisation can demonstrate that it is able to protect its own information assets, or those of third parties entrusted to it. 
But what is meant by 'information'? It is an organisational asset which, like other important corporate assets or resources, is essential to the organisation's business and therefore needs to be adequately 'protected'.


The information to be protected is independent of its format, because ISO/IEC 27001:2013 is not a standard exclusive to the world of information technology in general, because it governs hard copy documents, verbal communications, conversations in public places, letters and emails exchanged with customers and suppliers, patents, industrial secrets that if became public knowledge or available to competitors would cause significant damage to the company, both in terms of the financial standing and image of the company.

The standard allows for the identification and constant updating of processes concerning the control of physical, logical and organisational security; risk analysis for the identification of suitable security measures; the management of appropriate and frequently updated operating procedures and instructions; and the monitoring of company processes.

The ISO/IEC 27001 standard is the only auditable and certifiable international standard that defines the requirements for an ISMS and is designed to ensure the selection of appropriate and proportionate security controls. This protects information from internal and external risks and gives stakeholders confidence.

The ISO/IEC ISO 27001 standard aims to ensure the maintenance of confidentiality, integrity and availability of information, in addition to other characteristics that may be considered such as authenticity, non-repudiation and reliability:

  • Confidentiality is the principle whereby information is not made available or disclosed to unauthorised individuals, entities or processes
  • Integrity is the principle related to safeguarding the accuracy and completeness of information and related assets
  • Availability is the principle of being accessible and usable at the request of an authorised entity

Transition to ISO/IEC 27001:2022

Accredia Circular No. 15/2023 provided indications for the management of the transition of certifications to the new ISO/IEC 27001:2022 and the adjustment of accreditations of certification bodies accredited for the SSI scheme.

Below is a summary of the deadlines:


Actions Deadline  Note 
 Publication of ISO/IEC 27001:2022.  25 October 2022  
 Last day of validity for new certificates issued according to ISO/IEC 27001:2013. 30 April 2024
 Apave Certification Italia will be able to certify new customers in the 2013 edition until this date.
 Last day to complete the transition audit.  30 April 2025  This is an internal deadline for Apave Certification Italy to ensure the best service to customers. If the audit is completed by this date, there will be sufficient time to implement any corrective actions in the event of non-compliance.
 End of transition period.  31 October 2025  ISO/IEC 27001:2013 certificates will no longer be valid as of this date.

Picto pdfDownload list of standards flexible scope (italian version)

Picto pdfSpecial rules for the certification of information security management systems (italian version)


The Certificate of Accreditation No. 0107MS according to UNI CEI EN ISO/IEC 17021-1 and UNI CEI EN ISO/IEC 27006 for the "Certification of Information Security Management Systems" in compliance with UNI CEI EN ISO IEC 27001:2017 in all fields of accreditation.

Certification of

Road Traffic Safety Management System - ISO 39001

traffic jam in the city
traffic jam in the city

Rely on Apave Certification Italia to certify your Road Traffic Safety Management Systems (RTSMS) in accordance with the UNI ISO 39001:2016 standard.

ISO 39001 identifies a management standard for road risk reduction for any organisation.

The scope of application is very wide and concerns in particular:

  • Road users
  • Companies that design, build and maintain road infrastructure
  • Owners and managers of road networks
  • Organisations that generate road traffic (supermarkets, sports centres, shopping areas, schools, etc.)


A Road Traffic Safety Management System, if effectively implemented, can protect both the safety of employees, but also that of customers, users and stakeholders.


downloadRules for the certification of Road Traffic Safety Management Systems (italian version)

Certification of

Anti Bribery Management System - ISO 37001

Choose Apave Certification to certify your management system for the prevention of corruption in accordance with the UNI ISO 37001:2016 standard.


The standard, which is an operational tool that does not replace but complements the measures already provided for in national legislation, helps to establish how companies can declare themselves "compliant" with regard to the prevention of corruption, i.e. adopting prevention measures that are reasonable and proportionate to the risk of corruption.


The standard is set up according to the high level structure, therefore perfectly able to integrate with ISO 9001, 14001 and 45001 standards, and is aimed at companies of any size or nature, in both the public and private sectors.


downloadRules for the certification of Management Systems for the prevention of corruption

Certification of

the Innovation Management System - ISO 56002

The implementation of an innovation management system, according to ISO 56002:2019 guidelines, and a third-party certification with the Apave IMS 56002 logo, guaranteeing its effectiveness, represent an important competitive advantage for the company.


Corporate innovation is a process which is built day-by-day, measurable, transversal to the various areas of the organisation, managed with specific skills and with a comprehensive vision that allows the most suitable production and organisational choices to trigger innovation itself.

The ISO 56002 innovation management system makes it possible to:

  • Give visibility and credibility to activities characterised by process, product and/or organisational innovation
  • Build trust with customers, suppliers, investors and the community
  • Measure the ability to innovate over time, creating lasting value


The greatest challenge lies in questioning internal processes and designing new ways of doing business. Managing innovation requires a systematic approach and a leader to guide the management system.
The success of an innovative company can thus be measured by the new business opportunities created, despite the variability of the market and the continuous evolution of enabling technologies.
To confirm this, the International Organization for Standardization (ISO) has published the ISO 56000 series of standards and, in particular ISO 56002:2019, as a guide for all organisations that want to adopt a structured approach to innovation management.


Any organisation irrespective of its type, size, products supplied and services provided can be certified.

The ISO 56002 standard sets out the principles that, when adopted in their entirety, enable organisations to put policy, objectives, leadership, resources, infrastructure, capital, tools, documentation, knowledge and skills in the right order, and to make the innovation management system effective.


downloadRules for the certification of Innovation Management Systems (italian version)

Certification of

Social Responsibility Management System - SA 8000

SA 8000 (Social Accountability 8000) is the first international standard to ensure that an organisation is socially responsible, i.e. that it is committed to the rules of work ethics and openly rejects all working conditions that are characterised by inhumanity, exploitation, unfair remuneration and workplace insanity.

This standard is based on principles dictated by international references in the field of human and workers' rights and in particular refers to the concepts of the Universal Declaration of Human Rights, the ILO (International Labour Organization) Conventions, the United Nations Conventions on the Rights of the Child and to eliminate all forms of Discrimination against women.

Apave Certificationin Italy has been accredited by SAAS (Social Accountability Accreditation Services), the only global accreditation body whose mission is to support the implementation of social and labour standards. This is achieved through supervision and assessment services designed to evaluate the competence of audit systems and individual auditors.

Any company in any sector of activity can be certified according to the SA8000 standard. Any organisation interested in guaranteeing socially acceptable working activities and in promoting constant improvement, both in the management of so-called "company risks" and in relations with interested parties, both inside and outside the organisation, can take advantage of this management tool.

What advantages does certification of the SA8000 Social Responsibility Management System bring?

  • An increase in credibility, transparency and corporate image on the reference market, a reputational benefit
  • Increased consumer confidence, improved relationship with institutions and social organisations
  • An evaluation of ethics and social fairness in the supply chain
  • An improvement in the working environment: workers feel protected by the company they work for and are more involved in achieving its objectives
  • An improvement in internal and external communication, through publicly available reports

Certification of the

Gender Equality Management System

Certifying your Gender Equality Management System according to UNI/PdR 125 reference practice contributes to the success of your organisation by guaranteeing the necessary actions to safeguard gender equality.


The purpose of the gender equality certification system according to the UNI/PdR 125 reference practice is to promote the adoption of gender equality and women's empowerment policies at company level and thus to improve women's access to the labour market, leadership and life-time harmonisation.

The certification of gender equality is stipulated in mission 5 of the NRP and the Equal Opportunities Code.


The achievement by an organisation of the certification in compliance with UNI/PdR 125, issued by APAVE CERTIFICATION ITALIA, brings several advantages, such as:

  • Contribution exemption, through a reduction in social security contributions for all the months in which the certification is valid, parameterised on a monthly basis equal to 1% (on the total number of staff hired) of the total contribution due from the employer, up to a maximum limit of EUR 50,000 per year per company
  • Bonus for participation in public tenders and calls for tenders
  • Reduction in the amount of the provisional guarantee required for participation in public tenders
  • Bonus in access to European/international/national funding
  • Reputational benefits of the brand
  • Increased talent attractiveness and retention capacity. The issue of well-being and work life balance is a decisive aspect in the choice of a new candidate (employer branding)



The UNI/PdR 125 certification is used in both the private and public sectors to increase stakeholders' confidence in the organisation's commitment to combating gender inequality.


downloadParticular Rules for the Certification of Management Systems for Gender Equality

Certification of

IT Service Management Systems UNI CEI ISO/IEC 20000-1

IT Services and their management, also known as "IT Service Management", are increasingly strategic for companies that rely on qualified suppliers to avoid having to deal with "ongoing management" activities for which it is not structured or for which it does not intend to bear the start-up and maintenance costs.

An IT Service can be defined as a set of functions provided through IT systems in supporting one or more business areas (departments, agencies, etc.).  It may consist of software, hardware and media, but the customer/customer and user/user perceive it as a single entity.


With the continuous demand for Information Technology services from the market, whether consumers or businesses, there is an increasing need to organise these services according to a certain, consolidated and universally recognised reference.

ISO/IEC 20000 is the reference standard that the International for Standardization Organization (ISO) has published for any organisation that intends to offer IT services to internal or external customers.

Adherence to the principles of ISO/IEC 20000 allows organisations to benchmark their ability to deliver IT services, measure service levels and evaluate service performance.

ISO/IEC 20000-1:2018 contains a list of requirements to which the organisation decides to draw inspiration and adhere to in order to provide IT services of acceptable quality for itself and its customers.

Apave Certification Italia is accredited by ACCREDIA for the ITX scheme (acronym with which the certification activity is identified according to ISO/IEC 20000-1 in the current version 2018); the accreditation ensures the competence, independence and impartiality of our body by the sole Italian Accreditation Body.



Certification is a guarantee for the organisation and for the market it addresses in terms of its ability to provide its services in the IT field.

It enables the company to support the management of the service lifecycle, including the planning, design, transition, delivery and improvement of services that meet agreed requirements and deliver value to customers, users and the organisation providing the services.

In fact, the adoption of an IT service management system enables the organisation to ensure its ability to manage the following processes:

  • Service portfolio
  • Service Plan
  • Configuration Management
  • Business Relationship Management
  • Service Level Management
  • Supplier and Demand Management
  • Budgeting and Accounting
  • Capacity Management
  • Change Management
  • Release and Deployment Management
  • Incident Management
  • Problem Management
  • Service Continuity and Availability Management
  • Information Security Policy and Controls
  • Financial Management for IT Services
  • Service Reporting

downloadParticular rules for the certification of IT Service Management Systems (italian version)


The Accreditation Certificate no. 0107MS according to UNI CEI EN ISO/IEC 17021-1 and ISO/IEC 20006 for the "Certification of Management Systems for Information Technology Services" in compliance with UNI CEI ISO IEC 20000-1:2020 in all accreditation sectors.

Certification of
Business Continuity Management Systems UNI EN ISO 22301 (Business Continuity Management)

Do you want to protect against incidents that put your business at risk, reduce the likelihood of their occurrence, respond to them, and get back up and running as quickly as possible?

That is the purpose of ISO 22301 certification, which enables companies to plan, implement and enforce a business continuity management system. The standard is suitable for all organizations, regardless of their size and the nature of their activities, taking into account their environment and the complexity of their operations.

ISO 22301 certification allows you to anticipate the risks to your organization, to ensure the continuity of your activities as well as the return to normalcy following a disaster (cyber attack, fire, telephone network interruption, etc.).


  • Improve your resilience and responsiveness to safeguard your interests and those of key stakeholders;

  • Ensure the continuous uptime of your operations; and

  • Manage risks and change in your environment/context

  • Anticipate crises

  • Reduce the size and scope of an incident

  • Strengthen the trust of your customers

  • Demonstrate your compliance

downloadParticular rules for certification of management systems for Business Continuity (italian version)