--- title: "Security and ISO 27001, 27017, 27018 certifications | SparkFabrik" url: "https://www.sparkfabrik.com/en/security/" lang: "en" type: "page" lastmod: "2026-06-10" description: "SparkFabrik is certified ISO/IEC 27001, 27017 and 27018. What it means to entrust your cloud-native projects and managed hosting to a partner that puts security in writing." keywords: "[cloud security, ISO 27001, ISO 27017, ISO 27018, certified cloud partner, secure managed hosting, cloud native security, ISMS]" --- # Security, put in writing When you entrust us with a cloud-native project or the managed hosting of your platforms, information security is not a promise: it is a management system certified ISO/IEC 27001, 27017 and 27018, verified by an independent accredited body. ## Choosing a certified partner means less risk Security built into every service Why it matters. A certified information security management system does not protect a single project: it governs how we handle information across the whole organisation, from processes to technologies. For anyone entrusting us with cloud-native, managed hosting or platform development, it is the assurance that confidentiality, integrity and availability of data are managed with method, not improvised. ### Cloud-native The platforms we design and run follow security controls certified ISO/IEC 27017, specific to cloud services. ### Managed hosting The operational management of your platforms is covered by our information security management system, with periodic audits and continuous improvement. ### Personal data The processing of personal data (PII) in the cloud follows ISO/IEC 27018 controls, supporting GDPR compliance. ## Our ISO/IEC certifications Certificates issued by Scandinavian Certification, accredited by Norwegian Accreditation. Scope: design and development of software solutions and management of cloud service platforms. Every certificate is downloadable and verifiable. - **ISO/IEC 27001:2022**: Information security management system (ISMS). Certificate no. ITA-10325-ISMS, valid until 07.06.2029. [Download the certificate (PDF)](/docs/certificazioni/sparkfabrik-iso-27001-2022.pdf) - **ISO/IEC 27017:2015**: Security controls specific to cloud services. Certificate no. ITA-10325, valid until 07.06.2029. [Download the certificate (PDF)](/docs/certificazioni/sparkfabrik-iso-27017-2015.pdf) - **ISO/IEC 27018:2025**: Protection of personal data (PII) processed in cloud services. Certificate no. ITA-10325, valid until 07.06.2029. [Download the certificate (PDF)](/docs/certificazioni/sparkfabrik-iso-27018-2025.pdf) The certification covers the company management system, not individual products or services. For the Information Security Management System policies, see the Information Security page. ## SECURITY AS A SHARED RESPONSIBILITY Risk management continuous, not one-off In the cloud, security is a shared responsibility model: part belongs to the infrastructure provider, part to whoever designs and runs the platforms. That is where we operate. Our Information Security Management System applies a systematic approach to identify, assess and treat threats, with periodic audits and management reviews. Compliance with legal and contractual requirements, with attention to GDPR, is part of the system, not a later addition. - [Cloud Native Services](/en/services/cloud-native-services/): Design and management of cloud-native platforms with certified security controls. - [Supply Chain Security](/en/services/cloud-native-services/supply-chain-security/): Protection of the software lifecycle, from writing code to deployment. - [ISMS policies](/en/information-security/): The public policies of our Information Security Management System. --- *This is a Markdown version of the page to facilitate reading by AI and crawlers.* *Visit [https://www.sparkfabrik.com/en/security/](https://www.sparkfabrik.com/en/security/) for the full version.*