Guarantees

Compliance, signed.

Six attestations on every project

01 · Attestation: Secure Development. OWASP · CWE · SAST
02 · Attestation: GDPR by Design. EU Reg. 2016/679
03 · Attestation: Accessibility. WCAG 2.2 AA · EAA
04 · Attestation: AI Act. EU Reg. 2024/1689
05 · Attestation: Performance. Core Web Vitals · SBOM
06 · Attestation: NIS2 & DSA. EU Dir. 2022/2555
Attestation Catalog

What we sign with every deliverable.

Six attestations, each backed by publicly verifiable standards. We select the ones that apply to your project and ship them as a signed PDF alongside the production deployment.

CERT_01

Secure Development Attestation

Code shipped without known vulnerabilities. OWASP, CWE/SANS, SAST and dependency audit included.

Reference standards
  • OWASP Top 10 (2021): the 10 most critical web application vulnerability categories, from A01 Broken Access Control to A10 SSRF.
  • CWE/SANS Top 25: the 25 most dangerous software weaknesses (memory safety, input validation, crypto misuse).
  • SAST + dependency audit: static code analysis plus dependency audit (Snyk / npm audit / pip-audit), with 0 open HIGH/CRITICAL findings at delivery.
What we deliver
  • Signed PDF report
  • Pre/post vulnerability diff
  • Test evidence appendix
CERT_02

GDPR by Design Attestation

Privacy engineered from the architecture up. Data minimization, encryption, DPA and cookie compliance for Italian PA and EU clients.

Reference standards
  • EU Reg. 2016/679 (GDPR), Art. 25: Privacy by Design and by Default, with technical and organizational measures from project inception.
  • Italian Garante Guidelines of 10 June 2021: cookies and other tracking tools, explicit consent before deployment, compliant banner.
  • ePrivacy Directive 2002/58/EC: confidentiality of electronic communications and metadata processing.
What we deliver
  • Bilingual Privacy Policy + Cookie Policy
  • DPA template
  • Data processing map
CERT_03

Accessibility Attestation

Interfaces usable by everyone. WCAG 2.2 AA conformance, Italian Stanca Act and European Accessibility Act 2025.

Reference standards
  • WCAG 2.2 level AA: Web Content Accessibility Guidelines 2.2, four principles: perceivable, operable, understandable, robust.
  • Italian Law No. 4 of 9 January 2004 (Stanca Act): accessibility requirements for public administration and its suppliers, verified against the AGID technical checklist.
  • European Accessibility Act (EU Dir. 2019/882): mandatory from 28 June 2025 for e-commerce, banks, transport, ebooks and consumer devices.
What we deliver
  • Lighthouse + axe-core audit
  • Per-criterion WCAG 2.2 report
  • AGID Accessibility Statement
CERT_04

AI Act Compliance Attestation

For every AI integration: risk classification, user transparency, interaction logging, and synthetic content labeling.

Reference standards
  • EU Reg. 2024/1689 (AI Act): four risk tiers (unacceptable / high / limited / minimal) with tiered obligations; phased entry into force 2025-2027.
  • AI output transparency (Art. 50): duty to inform users that they are interacting with AI; watermarks for deepfakes and synthetic content.
  • Logging and audit trail: LLM call log (prompt + output, metrics, cost) for accountability and debugging.
What we deliver
  • AI Act Risk Assessment
  • User disclosure embedded in UI
  • Model call audit log
CERT_05

Performance & Quality Attestation

Code that is tested, fast and traceable. Core Web Vitals within Google's targets, ≥80% test coverage and a standard Software Bill of Materials.

Reference standards
  • Core Web Vitals (Google): LCP < 2.5s · INP < 200ms · CLS < 0.1, measured via Lighthouse plus Real User Monitoring.
  • Test coverage ≥80%: unit and integration tests with a coverage report (Vitest / Pytest / Playwright E2E).
  • SBOM CycloneDX (ISO/IEC 5962:2021): the international Software Bill of Materials standard, giving traceability of every dependency and license.
What we deliver
  • Lighthouse + RUM report
  • CI/CD coverage report
  • Signed CycloneDX SBOM
CERT_06

NIS2 & DSA Attestation

For platforms and enterprise clients: alignment with EU directives on cybersecurity (NIS2) and digital services (DSA).

Reference standards
  • EU Directive 2022/2555 (NIS2): transposed in Italy via Legislative Decree 138/2024. Security-by-design measures, incident response, supply chain risk.
  • EU Reg. 2022/2065 (DSA): algorithm transparency, moderation, notice-and-action, and illegal content reporting for online platforms.
  • Incident Response Procedure: documented runbook with escalation, 72-hour notification to ACN (the Italian National Cybersecurity Agency) and user notification.
What we deliver
  • NIS2 deliverable checklist
  • DSA Compliance Matrix
  • Incident Response Runbook
Why it matters

The difference between "shipped" and "certified".

Standard vendor

Your problem after deploy.

  • "It goes live" without test or security audit evidence.
  • Generic cookie banner, GDPR offloaded to your lawyer.
  • Accessibility "we'll handle it later", until an EAA complaint lands.
  • AI Act? We'll figure it out when it kicks in.
SPECTROSEC

Your deliverable, compliant, today.

  • Every release passes the 6 attestations. No undocumented code.
  • Privacy Policy, Cookie Policy and DPA ready for your DPO.
  • WCAG 2.2 AA audit + Accessibility Statement included.
  • AI Act Risk Assessment + user disclosure embedded in LLM features.
Regulatory framework

The rules we apply.

EU Reg. 2016/679 · GDPR
EU Reg. 2024/1689 · AI Act
EU Dir. 2022/2555 · NIS2
EU Reg. 2022/2065 · DSA
EU Dir. 2019/882 · EAA
IT Law 4/2004 · Stanca Act
IT D.Lgs. 138/2024 · NIS2 (Italian transposition)
WCAG 2.2 AA · W3C
Transparency

What our attestations are NOT

SPECTROSEC attestations are vendor-issued compliance documents describing the technical verifications performed on the deliverable against reference standards. They are standard practice in professional B2B software development.

They do not replace ISO certifications (e.g., ISO/IEC 27001, ISO 9001) issued by accredited third-party bodies (Accredia or equivalents), nor product certifications under Common Criteria, nor conformity assessments requiring notified bodies under the new Cyber Resilience Act.

If your sector requires accredited certifications (e.g., strategic PA, finance, healthcare) our attestations are the perfect starting point for subsequent formal certification: we provide the documented evidence external auditors need.

Let's get started

Want a certified deliverable?

Tell us about your project. Within 24 hours we'll tell you which attestations apply and what to include in the quote.

Get a Free Quote