""

Focus on ISO/CEI 27001

Top News05/19/2022
ISO/IEC 27001 is an international standard for information security management. It was originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005, and revised in 2013. A European update was published in 2017.


The official title of this standard is "Information technology - Security techniques - Information security management systems - Requirements".

This standard specifies the requirements for the organization, implementation, maintenance and continuous improvement of an information security management system (ISMS). The aim of an ISMS is to help organizations secure their data and information (such as financial information, intellectual property, employee data or information entrusted to them by third parties).

Organizations that meet these requirements can choose to be assessed through an audit in order to be certified by an accredited certification body, such as LSTI.

ISO/IEC 27001:2013 comprises ten short clauses and one long annex, covering the following:

  1. Scope of the standard
  2. How the document is referenced
  3. Reuse of terms and definitions in ISO/IEC 27000
  4. Organizational context and stakeholders
  5. Information security leadership and high-level policy support
  6. Planning an information security management system, risk assessment, risk treatment
  7. Supporting an information security management system
  8. Making an information security management system operational
  9. System performance review
  10. Corrective action
  11. Appendix A: List of controls and their objectives

Like any other management system standard, ISO/IEC 27001 certification is possible, but not compulsory. Some companies choose to implement this standard to benefit from the good practices it contains, while others decide to become certified to reassure their customers.

This standard is the benchmark for our corporate services, as well as for the auditor/lead auditor 27001 and implementer 27001 exams.


PASSI certification: the Synacktiv case

PASSI certification: the Synacktiv case

Why choose LSTI?

1

Recognized expertise

With over twenty years' experience, LSTI supports more than 300 organizations in France and Europe as a certification body and benchmark assessment center in the fields of cybersecurity, digital trust and information security.assessment center, in the fields of cybersecurity, digital trust and information security.
2

Specialized auditors

Our teams of auditors are made up of experienced professionals who are fully conversant with the ANSSI's cybersecurity standards, information security management practices and European digital trust frameworks.curity standards, information security management practices and European digital trust frameworks. Their approach guarantees assessments that are demanding, balanced and adapted to the operational contexts of each organization.
3

Independent third party and dedicated support

Authorized by ANSSI, LSTI guarantees impartiality, transparency and consistency throughout the entire cycle: preparation, audits, monitoring and renewals. A dedicated contact ensures continuity and clarity throughout the certification process.

Discover our news