Quality and Information Security Policy
In compliance with clause 5.2 of ISO/IEC 27001:2022 and UNI EN ISO 9001:2015.
The Management System
The delivery of quality services and the security and safeguarding of information assets are an essential prerequisite for the achievement of the business objectives of AtWorkStudio S.r.l. The information security requirements are consistent with the organisation's objectives, and the Quality and Information Security Management System (QISMS) is the tool that enables the identification of sound best practices for the constant improvement of corporate quality, the sharing of information, the correct conduct of operations and the reduction of information-related risks to acceptable levels.
Scope of Application
The conduct of business activities must always ensure adequate levels of availability, integrity and confidentiality of information, through the adoption of a formal QISMS in line with the requirements expected by the stakeholders of AtWorkStudio S.r.l. and in compliance with applicable regulations. The system applies to the delivery of cloud IT services, the ongoing management of clients' IT infrastructure and the provision of internet services.
Objectives
The general objectives of the QISMS, pursued with the commitment of Management, are: to demonstrate to stakeholders the delivery of quality services following defined processes oriented towards continuous improvement; to demonstrate to clients the ability to consistently provide secure services while maximising business objectives; to minimise the risk of client data loss and unavailability by planning and managing activities to ensure service continuity; to carry out continuous and adequate risk analysis that constantly examines vulnerabilities and threats; to comply with applicable laws and regulations, contractual requirements and corporate procedures; to promote collaboration and QISMS awareness among strategic suppliers; and to conform to the principles and controls established by ISO 9001, ISO/IEC 27001, ISO/IEC 27017 and ISO/IEC 27018:2025, as well as to the regulations on the privacy and security of personal data (GDPR).
Cloud Service Security
For the implementation and delivery of cloud services, pursuant to ISO/IEC 27017, Management is committed to adopting security requirements that take into consideration the risks arising from multi-tenancy management, access to clients' cloud assets by service provider personnel, administrative access control, communications to clients regarding infrastructure changes, the security of virtualisation systems, the protection of client data in cloud environments, the management of the cloud account lifecycle and the communication of data breaches.
Personal Data Protection
The company is also constantly committed to the protection of the personal data of the data subjects it manages, with particular reference to those of its clients. Pursuant to ISO/IEC 27018:2025 and in accordance with the GDPR, AtWorkStudio S.r.l. acts as a Data Processor, declaring this status and the related obligations in contracts with clients and in the appointment of processors used to carry out the processing.
Involvement and Continuous Improvement
The entire company and its partners are involved in reporting any non-conformities with respect to the expected results on service quality, in reporting information security incidents and any weaknesses identified in the QISMS, and are committed to supporting the implementation, periodic review and continuous improvement of the system.
Management Commitment
Senior management is committed to pursuing, with adequate means and resources, the objectives of this policy, with the ultimate aim of the continuous improvement of the quality of its work and the security of information in the delivery of its services.