About

ISO/IEC 27001: focus on this international norm

ISO/IEC 27001 is an international standard on how to manage information security. Originally it was published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005, then revised in 2013. In Europe, an update was published in 2017.

The official title of this standard is “Information technology — Security techniques — Information security management systems — Requirements”

This standard precises requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). The purpose of an ISMS is to help organizations make their information assets (i.e., financial information, intellectual property, employee details or information entrusted by third parties) more secure.

Organizations that meet these requirements can choose to be assessed through an audit then certified by an accredited certification body, such as LSTI Worldwide.

ISO/IEC 27001:2013 has ten short clauses and a long annex, which cover:

  1. Scope of the standard
  2. How the document is referenced
  3. Reuse of the terms and definitions in ISO/IEC 27000
  4. Organizational context and stakeholders
  5. Information security leadership and high-level support for policy
  6. Planning an information security management system; risk assessment; risk treatment
  7. Supporting an information security management system
  8. Making an information security management system operational
  9. Reviewing the system’s performance
  10. Corrective action
    Annex A: List of controls and their objectives

Like any other management system standards, being certified to ISO/IEC 27001 is possible but not mandatory. Some organizations choose to implement the standard to benefit from the best practice it contains, whilst others decide they want to get certified to reassure customers.

Historically, LSTI Worldwide second main service is ISO/IEC 27001 audit and certification. If you would like to get your company certified, contact us.

eIDAS: what is this European regulation about?

The main activity of LSTI Worldwide is eIDAS certification assessment. But what is the eIDAS regulations?

“eIDAS” is the abbreviation for “electronic IDentification And trust Services”. It refers to a range of specific services that include verifying the identity of individuals and businesses online and verifying the authenticity of electronic documents. To simplify, it ensures secure cross-border transactions.

This standard was established in EU Regulation 910/2014 of July, 23rd 2014 on electronic identification and revokes the 1999/93/EC regulation from December, 13th 1999. The eIDAS regulation has been enforceable across the EU since July, 1st 2016.

The trust services covered by eIDAS include:

eIDAS qualified services

  • Advanced and Qualified electronic Signatures associated to a legal or natural person;
  • Advanced and Qualified electronic Seals associated to a legal person;
  • Qualified validation for Qualified Electronic Signatures and seals;
  • Qualified preservation of Qualified Electronic Signatures and seals;
  • Time stamping;
  • Electronic delivery services;
  • Website authentication.

The purpose to have qualified and trust services is to increase confidence in the use of electronic transactions through mechanisms – such as verifying the identity of individuals and businesses online or verifying the authenticity of electronic data – which are more present in our activities nowadays.

Companies which have been qualified according the eIDAS standards for their services are called Trust Service Providers (TSPs).

LSTI Worldwide activity is to audit and assess companies which provide the services mentioned above. Based on the result of their audit, a company could be qualified as a Trust Service Provider and is granted a certificate to prove their trustworthiness and the quality of their services.

All LSTI Worldwide customers assessed and qualified as TSP can be found on our online register, or on demand through the contact form (select Communications as subject).

More info on our dedicated page and on the EU websites:

2021: let’s summarize what happened

The beginning of the year is the time dedicated to assessments and resolutions, let’s take a look at LSTI’s activity in 2021.

A New Service Offer Added

A service has been added to our catalog:

PVID* company certification, the latest qualification set up by the ANSSI, the French agency for cybersecurity, for Remote Identity Verification Service Providers. We offer this service for our French customers but also international ones, believing that such certification can benefit any company worldwide.

*PVID: French Acronym for Prestataires de services de Vérification d’Identité à Distance, meaning Remote Identity Verification Service Providers.

New Members Joined Our Team

2021 was also marked by the strengthening of the LSTI team. In the French team, a full-time auditor has joined us, who works specifically on the PASSI qualification, but also a management assistant dedicated to company certifications. A new member has also joined us to manage the activity of LSTI Worldwide.
Despite the ongoing health crisis, the group has a constant and growing activity which makes it possible to hire additional people.

We are also always opened for partnerships, as partner training organizations (for French-speaking countries only) or partner auditors.

The LSTI Group Joined an International Group

The end of 2021 marked a turning point for LSTI: the group joined Apave, a French group specialized in professional risk management, with a global influence and market.

What does this actually change for our customers? Nothing. Our philosophy, our activity and our integrity remain unchanged.

And for our partners? It does not change anything either, because we are still dealing directly with them.

Being part of the Apave Group allows us to benefit from the support and reputation of a international company and with long-standing experience in the management of professional risks.

And for 2022?

This year trend is the PVID certification:

  • After the first customer requests last year, audits and qualifications are progressing;
  • The European counterpart to the ANSSI standard, the ETSI TS 119 461 standard, will contribute to the growing demand in Europe.

Check our social networks and our news section regularly not to miss any new feature happening in 2022!

LSTI has joined Apave

As the cybersecurity market in France, but also in Europe, is fast growing, 17 years after its founding, LSTI SAS strengthens its leading position by joining the Apave Group.

LSTI is a conformity assessment body (CAB) specializing in cybersecurity and data protection. Created in 2004, LSTI has developed a real expertise in information security assessment, and is recognized as one of the major CABs in Europe for the assessment of Trust Service Providers regarding the eIDAS regulation and the French ANSSI standards. Today, LSTI is joining the Apave Group to boost its growth and contribute to the development of the Group cyber offer.

The Apave cybersecurity platform offers standard and tailor-made approaches to help organisations control their digital risks, to test the vulnerability of their systems, to label or certify the quality of their protection, or to train their employees to anticipate and/or manage those risks.

 

About Apave
Apave is an French group specialized in risk management for more than 150 years, known globally. As an independent company with a €881M turnover in 2019, Apave currently has 12,400 employees, 130 agencies in France, 170 training sites throughout the globe, and 18 test centers. Apave is present internationally in more than 45 countries, with almost 500,000 trusting customers around the world.
Apave website

Download the press release

Scroll to top