The challenge of convergence: transforming constraints into strategic assets
In an environment marked by the intensification of cyberthreats, the main challenge is to successfully reconcile two different logics. On the one hand, compliance is based on strict standards and obligations. On the other, cybersecurity must remain agile and reactive in the face of constantly evolving threats.
Compliance sets a framework that can quickly be perceived as a mere administrative obligation. The role of a certification body specialized in cyber is precisely to create this bridge between compliance and cybersecurity. The intervention of an independent third-party body helps to restore meaning: it validates not only compliance with the standards, but also the organization's ability to transform these requirements into genuine, sustainable information security practices.
ISO/IEC 27001: The universal foundation for NIS 2, DORA, RGPD and HDS
A growing number of companies are opting for an ISO 27001 certification strategy. Over the past twenty years, this standard has become the global benchmark for information security.
It is at the heart of strategies for several reasons:
- Regulatory interoperability: Its requirements are included in most European frameworks such as NIS 2, eIDAS, DORA or the RGPD.
- Sector-specific (Healthcare): For healthcare players, HDS (Healthcare Data Hosting) certification is based directly on ISO 27001, adding specific requirements to guarantee the protection of sensitive data.
- Third-party risk management: Certification is increasingly required by major clients to control digital risk in the subcontracting chain.
- Maturity and confidence: Certification provides the market with proof and confidence, while reinforcing a company's intrinsic resilience.
In a nutshell: Key facts
Julien Bruant (LSTI) highlights three fundamental pillars for companies:
- A universal compliance foundation: ISO 27001 certification is the structuring basis for meeting a majority of the information security requirements of NIS 2, DORA and the RGPD, and is the indispensable prerequisite for HDS certification.
- Turning constraints into assets: LSTI's certification audit turns regulatory obligations into levers for performance and resilience.
- Strategic confidence: The certificate is indisputable proof of an organization's maturity, facilitating access to critical markets and supply chain management.
LSTI would like to thank Valentin Jangwa for the quality of his presentation. Read the full interview in Global Security Mag n°61 (November 2025 > January 2026). https://www.globalsecuritymag.fr/

