Compliance · 6 frameworks + Trust Center

Insurance compliance, translated into software.

NewPicass 14.Net is designed against the actual regulations that Italian surety insurers, MGAs, coverholders and brokers must meet. Below are 6 operational frameworks (DORA, IDD, GDPR, ISO 27001, Solvency II, eIDAS) plus IESolution's public Trust Center. For each framework we state what the platform natively covers and what remains the customer's responsibility: operational honesty, not green-washing.

DORA

DORA — Digital Operational Resilience Act

EU Regulation 2022/2554 on digital operational resilience of the financial and insurance sector. ICT risk management, incident reporting, third-party risk, testing.

EU Regulation · 17 January 2025
IDD

IDD — Insurance Distribution Directive

Directive 2016/97/EU on insurance distribution. POG, demands and needs test, conflicts of interest, continuous IDD training, target market.

EU Directive · 1 October 2018
GDPR

GDPR — General Data Protection Regulation

EU Regulation 2016/679 on personal data protection. EU data residency, access audit, insurance retention, right to erasure, contractual DPA.

EU Regulation · 25 May 2018
ISO 27001

ISO/IEC 27001:2023 — Information Security Management System

International standard for information security management. IESolution is ISO 27001:2023 certified. Annex A controls applied to an insurance PAS.

ISO standard · certified 2023
Solvency II

Solvency II — capital, governance, reporting

Directive 2009/138/EC on capital requirements for insurance undertakings. Pillar I (SCR/MCR), Pillar II (ORSA, governance), Pillar III (QRT, SFCR, RSR).

EU Directive · 1 January 2016
eIDAS · CAD

eIDAS & CAD — electronic signature and digital documents

EU Regulation 910/2014 and Italian Digital Administration Code (D.Lgs. 82/2005). FES, FEA, FEQ, TSA timestamping, AgID-compliant long-term preservation.

EU Regulation · 1 July 2016
Trust

Trust Center — IESolution security & compliance

Public documentation on security processes, certifications, status page, security whitepaper, CISO contacts. For insurer and auditor due diligence.

IESolution Trust · operational since 2024
Approach

Vendor compliance vs customer compliance

NewPicass 14.Net is not a vaguely "compliant" vendor: it's a cloud service (B2B SaaS) feeding processes under the responsibility of IVASS-regulated entities. Our responsibility is to natively cover the IT requirements of the regulations: audit trail, encryption, retention, segregation of duties, business continuity. The regulated customer's responsibility is the policy, organisation, governance and external reporting layer. On each framework page we clearly distinguish what the platform does and what remains your responsibility. We publish annual security reports in the Trust Center.