ISO/IEC: security, governance and reliability of IT services
AtWorkStudio S.r.l. operates under an ISO/IEC 27001 and ISO 9001 certified management system, integrating information security, quality and IT service governance; the application of ISO/IEC 27017 and ISO/IEC 27018 guidelines strengthens the protection of cloud services and personal data. The company also delivers cloud services qualified by the National Cybersecurity Agency (ACN) and listed in the Qualified Cloud Services Catalogue for the Public Administration.
An ISO/IEC 27001 and ISO 9001 certified management system
The certifications attest to a structured and verified management system, focused on information security, service quality and continuous improvement. The ISO/IEC 27017 and 27018 guidelines strengthen cloud service controls and personal data protection.
The scope covers the design and delivery of IaaS, PaaS and SaaS cloud services, as well as hardware and software technical support. ATWS Secure Workspace is ACN-qualified for the Public Administration. Processes are compliant with GDPR, NIS2 and key international best practices.
International standard for information security management. It defines requirements and controls to ensure confidentiality, integrity and availability of data. Based on a risk-driven approach and continuous improvement, it forms the foundation for secure and reliable IT governance.
Since the 2022 edition of ISO/IEC 27001, the 27017 and 27018 standards are integrated as extensions within the 27001 certificate. A single certificate covers cloud service security (27017) and personal data protection in cloud (27018), with advanced controls, shared responsibilities, privacy by design and contractual transparency.
International standard for quality management systems. It ensures process consistency, customer satisfaction and continuous performance improvement. It integrates security, governance and innovation to deliver high-level, verifiable IT and cloud services.
Download certificates
ISO/IEC 27001 · 27017 · 27018
Since the 2022 edition of ISO/IEC 27001, the 27017 (cloud service security) and 27018 (personal data protection in cloud) standards are integrated as extensions. A single certificate covers all three standards.
ISO 9001
International standard for quality management systems. It ensures process consistency, customer satisfaction and continuous improvement.
Frequently asked questions
No. Using services provided by AtWorkStudio, including ACN-qualified ones, does not automatically grant the client ISO/IEC 27001 certification. However, relying on a provider certified under ISO/IEC 27001 and ISO 9001, with the application of ISO/IEC 27017 and ISO/IEC 27018 guidelines, facilitates audits, risk assessments and certification paths, thanks to documented processes, verifiable controls and a structured governance model.
An ISO/IEC 27001 and ISO 9001 certified provider guarantees controlled processes, structured risk management and continuous improvement. The listing of ATWS Secure Workspace in the ACN Qualified Cloud Services Catalogue serves as an additional indicator of reliability for the Public Administration, as it attests to the service's compliance with the security, transparency and accountability requirements set by the national qualification framework. This strengthens the client's position with auditors, stakeholders and regulatory authorities.
The ISO/IEC 27001, 27017 and 27018 certifications, integrated within an ISO 9001 certified system, define an organisational model focused on information security, quality and accountability. The ACN qualification of the service confirms alignment with national security requirements for the Public Administration. This approach supports the adoption of appropriate technical and organisational measures under Regulation (EU) 2016/679 (GDPR) and Directive (EU) 2022/2555 (NIS2), strengthening traceability, resilience and risk governance.
AtWorkStudio's cloud and cybersecurity services are designed in line with the requirements of the Cloud and Cybersecurity Voucher promoted by the Italian Ministry of Enterprises and Made in Italy (MIMIT). Eligibility is subject to the conditions set out in the call for applications, the provider's potential registration in the required lists and the evaluation of the project submitted by the client. The ISO/IEC certifications and, where applicable, the ACN qualification serve as qualifying elements within compliance assessments.
Yes. Although ACN qualification is specifically intended for the Public Administration, the adoption of a service listed in the ACN Catalogue represents an objective indicator of security, architectural robustness and service governance for private companies. This can facilitate due diligence processes, sector-specific compliance requirements and evaluations by partners and investors.
Want to know more about our certifications?
Choosing AtWorkStudio means relying on a certified provider with verifiable processes and a structured governance model for information security and IT service quality.