The official title of this standard is "Information technology - Security techniques - Information security management systems - Requirements".
This standard specifies the requirements for the organization, implementation, maintenance and continuous improvement of an information security management system (ISMS). The aim of an ISMS is to help organizations secure their data and information (such as financial information, intellectual property, employee data or information entrusted to them by third parties).
Organizations that meet these requirements can choose to be assessed through an audit in order to be certified by an accredited certification body, such as LSTI.
ISO/IEC 27001:2013 comprises ten short clauses and one long annex, covering the following:
- Scope of the standard
- How the document is referenced
- Reuse of terms and definitions in ISO/IEC 27000
- Organizational context and stakeholders
- Information security leadership and high-level policy support
- Planning an information security management system, risk assessment, risk treatment
- Supporting an information security management system
- Making an information security management system operational
- System performance review
- Corrective action
- Appendix A: List of controls and their objectives
Like any other management system standard, ISO/IEC 27001 certification is possible, but not compulsory. Some companies choose to implement this standard to benefit from the good practices it contains, while others decide to become certified to reassure their customers.
This standard is the benchmark for our corporate services, as well as for the auditor/lead auditor 27001 and implementer 27001 exams.
Focus on ISO/CEI 27001
Focus on ISO/CEI 27001
Why Choose LSTI?

Recognized expertise
With more than twenty years of experience, LSTI supports more than 300 organizations in France and across Europe as a certification body and leading assessment center, operating in the fields of cybersecurity, digital trust, and information security.

Specialized Auditors
Our audit teams are composed of experienced professionals who are well-versed in ANSSI’s cybersecurity standards, information security management practices, and European digital trust frameworks. Their approach ensures rigorous, balanced assessments that are tailored to the operational contexts of each organization.

Independent Third Party and Dedicated Support
LSTI guarantees impartiality, transparency, and consistency throughout the entire process: preparation, audits, monitoring, and renewals. A dedicated point of contact ensures continuity and clarity throughout the certification process.

