Sekuro has achieved a significant milestone in its global cybersecurity assurance capability, becoming a registered supplier with Italy’s Agenzia per la Cybersicurezza Nazionale (ACN). This recognition enables Sekuro to deliver QC1 through QC3 assessments for service providers operating within the Italian regulatory ecosystem.
Expanding Global Assurance Capabilities
Sekuro’s registration with ACN marks a strategic expansion of its international assurance services, reinforcing its position as a trusted partner for organisations navigating complex regulatory environments across jurisdictions.
The ACN framework establishes cybersecurity qualification requirements for cloud service providers and digital infrastructure supporting Italy’s public sector and critical services. Under this framework, service providers must undergo rigorous assessments aligned to defined Qualification Categories (QC1, QC2, and QC3), each reflecting increasing levels of security assurance and regulatory scrutiny.
With this registration, Sekuro is now authorised to conduct independent assessments across all three qualification levels, supporting organisations in achieving and maintaining compliance with ACN requirements.
Understanding QC1 to QC3 Assessments
The ACN qualification model is designed to ensure that service providers meet stringent security, resilience, and data protection requirements.
- QC1 applies to services with lower criticality, requiring baseline security controls and assurance.
- QC2 introduces enhanced requirements, including stronger controls, monitoring, and governance mechanisms.
- QC3 represents the highest level of assurance, typically required for critical national infrastructure and sensitive government workloads, demanding comprehensive security, resilience, and sovereignty measures.
Sekuro’s capability to deliver assessments across all three levels ensures that organisations can scale their compliance journey in alignment with business risk and regulatory expectations.
Supporting Multinational Compliance Strategies
For organisations operating across multiple jurisdictions, aligning with diverse regulatory frameworks is increasingly complex. Sekuro’s ACN accreditation complements its extensive experience across global standards, including:
- ISO 27001 and ISO 42001
- SOC 2 Type I and II
- IRAP (Australian Government) and subsequent ISM work
- Essential Eight
- NIST frameworks and AI risk governance
- PCI DSS
This enables Sekuro to provide integrated, multi-framework assurance strategies that reduce duplication, streamline audit efforts, and strengthen overall security posture.
Delivering Confidence in a Regulated Landscape
Sekuro brings deep expertise in government-aligned security assessments, with a proven track record supporting highly regulated sectors including defence, healthcare, financial services, and critical infrastructure.
By combining technical depth with regulatory insight, Sekuro supports clients through:
- Readiness assessments and gap analysis
- Control design and implementation guidance
- Independent assessment and reporting
- Ongoing compliance and continuous assurance
This end-to-end approach ensures organisations are not only compliant at a point in time but are equipped to sustain compliance in an evolving threat and regulatory landscape.
Looking Ahead
Sekuro’s ACN registration reflects its ongoing commitment to helping organisations operate securely and confidently on a global stage. As regulatory expectations continue to evolve, Sekuro remains focused on delivering high-quality, scalable assurance services that meet the needs of both local and international clients.
Organisations seeking to understand their obligations under the ACN framework or commence their QC1–QC3 assessment journey are encouraged to connect with Sekuro’s advisory team.
