ISO/IEC: security, governance and reliability of IT services
AtWorkStudio S.r.l. operates under an ISO/IEC 27001 and ISO 9001 certified management system, integrating information security, quality and IT service governance; the application of ISO/IEC 27017 and ISO/IEC 27018 guidelines strengthens the protection of cloud services and personal data. The company also delivers cloud services qualified by the National Cybersecurity Agency (ACN) and listed in the Qualified Cloud Services Catalogue, available for businesses and public administration.
An ISO/IEC 27001 and ISO 9001 certified management system
The certifications attest to a structured and verified management system, focused on information security, service quality and continuous improvement. The ISO/IEC 27017 and 27018 guidelines strengthen cloud service controls and personal data protection.
The scope covers the design and delivery of IaaS, PaaS and SaaS cloud services, as well as hardware and software technical support. ATWS Secure Workspace is ACN-qualified, available for businesses and public administration. Processes are compliant with GDPR, NIS2 and key international best practices.
International standard for information security management. It defines requirements and controls to ensure confidentiality, integrity and availability of data. Based on a risk-driven approach and continuous improvement, it forms the foundation for secure and reliable IT governance.
Since the 2022 edition of ISO/IEC 27001, the 27017 and 27018 standards are integrated as extensions within the 27001 certificate. A single certificate covers cloud service security (27017) and personal data protection in cloud (27018), with advanced controls, shared responsibilities, privacy by design and contractual transparency.
International standard for quality management systems. It ensures process consistency, customer satisfaction and continuous performance improvement. It integrates security, governance and innovation to deliver high-level, verifiable IT and cloud services.
Download certificates
ISO/IEC 27001 · 27017 · 27018
Since the 2022 edition of ISO/IEC 27001, the 27017 (cloud service security) and 27018 (personal data protection in cloud) standards are integrated as extensions. A single certificate covers all three standards.
ISO 9001
International standard for quality management systems. It ensures process consistency, customer satisfaction and continuous improvement.
Industry associations
Clusit
AtWorkStudio is a member of Clusit, the Italian Association for Information Security. Clusit brings together over 600 organisations including companies, institutions and professionals and is Italy's leading reference point for cybersecurity research, training and awareness. Our membership confirms our commitment to the information security community and to staying at the forefront of evolving threats and best practices.
Confindustria Piacenza
AtWorkStudio is a member of Confindustria Piacenza, the local branch of Confindustria representing industrial and service companies in the province of Piacenza. We are also part of the RICT cluster (Research, Innovation, Communication and Technology), a group of companies with the mission of bringing new production and communication technologies to the manufacturing sector.
Frequently asked questions
No. Using services provided by AtWorkStudio, including ACN-qualified ones, does not automatically grant the client ISO/IEC 27001 certification. However, relying on a provider certified under ISO/IEC 27001 and ISO 9001, with the application of ISO/IEC 27017 and ISO/IEC 27018 guidelines, facilitates audits, risk assessments and certification paths, thanks to documented processes, verifiable controls and a structured governance model.
An ISO/IEC 27001 and ISO 9001 certified provider guarantees controlled processes, structured risk management and continuous improvement. The listing of ATWS Secure Workspace in the ACN Qualified Cloud Services Catalogue serves as an additional indicator of reliability, as it attests to the service's compliance with national security, transparency and accountability requirements. This strengthens the client's position — whether a business or public body — with auditors, stakeholders and regulatory authorities.
The ISO/IEC 27001, 27017 and 27018 certifications, integrated within an ISO 9001 certified system, define an organisational model focused on information security, quality and accountability. The ACN qualification of the service confirms alignment with national security requirements. This approach supports the adoption of appropriate technical and organisational measures under Regulation (EU) 2016/679 (GDPR) and Directive (EU) 2022/2555 (NIS2), strengthening traceability, resilience and risk governance.
AtWorkStudio's cloud and cybersecurity services are designed in line with the requirements of the Cloud and Cybersecurity Voucher promoted by the Italian Ministry of Enterprises and Made in Italy (MIMIT). Eligibility is subject to the conditions set out in the call for applications, the provider's potential registration in the required lists and the evaluation of the project submitted by the client. The ISO/IEC certifications and, where applicable, the ACN qualification serve as qualifying elements within compliance assessments.
Yes. ACN qualification originated in the context of public administration, but the security, architecture and governance requirements it imposes are the same that any business should demand from its cloud providers. Choosing an ACN-qualified service means adopting a nationally verified standard, useful for due diligence, sector-specific compliance and evaluations by partners and investors.
Want to know more about our certifications?
Choosing AtWorkStudio means relying on a certified provider with verifiable processes and a structured governance model for information security and IT service quality.