Optimize your IT security with our Standardized ISMS offer

Strengthen the security of your Information System (IS) with our ISMS Standard offer: implement, improve and control the governance of your information system, while ensuring solid protection of your sensitive data.

100 % of companies certified to ISO 27001:2013 must transition to the new version by 2025 (ISO Survey 2023)

Compliance ensured by a structured, controlled approach and trained staff!

In the initialization or normative transition phase, our regulatory expertise enables us to carry out a flash diagnostic based on the NIST or ISO 27001 standards. The aim of this diagnostic is to identify gaps, offer corrective actions, and assess the resources required and associated costs.

If necessary, we facilitate the creation and deployment of your information security risk governance, by co-constructing rules and measures adapted to your context.

Internal and external audits are essential. We offer you our experience to ensure your compliance with the chosen standards, and propose recommendations aligned with best practices in line with your objectives.

Raising staff awareness, training those involved and training follow-up are the main issues to deal with, and we are at your disposal to implement or run certification training courses.

NIST and ISO 27001 offers tailored to your needs

A “diagnostic” offer

Our experts draw up a roadmap following a diagnosis to estimate the level of maturity of an approach and establish the “work still to be done”. We help to implement or ensure a transition between two versions of the same normative text.

A “support” offer

Because implementing a reference framework can require help, we bring you our management system expertise. Ideal support for successful implementation!

Applicable to NIST and ISO 27001.

An “audit” offer

The correct application of normative requirements must be monitored. This is the purpose of our AUDIT offer. Applicable to ISO 27001.

A “skills” offer

We also offer you our Competencies package for all aspects of staff awareness-raising and training of ISMS (Information Security Management System) actors. Depending on your objectives, we can also organize and deliver Lead Implementor and Lead Auditor certification courses.

Our adaptable solutions for your diagnostic, support, audit or training needs

Evolving offers

To provide you with the best possible support, in line with your needs, our offers keep pace with your evolving requirements and cover the entire process of implementing or maintaining a management system in safe conditions.

Controlled implementation

Our experience in management systems, both in the implementation and audit phases, enables us to offer you optimized solutions adapted to your context. The action plan enables you to estimate the implementation workload and make decisions in a controlled manner.

Well-known reference systems

Our experience of reference systems enables us to carry out cross-audits. This not only informs you on the state of the system in place, but can also give you a clear idea of what remains to be done to comply with a future standard.

Recognized results

Our expertise is best illustrated by our customers’ certification results. Our certification courses also have an international reach.

Our customer references

Diagnosis and roadmap for the implementation of an ISMS according to ISO 27001:2022.

Support for a customer in implementing its ISMS.

Organization and delivery of Lead Implementor ISO 27001 certification training for ISMS managers.

Training for ISMS stakeholders and raising staff awareness of ISMS objectives.

Carrying out a diagnostic and building a roadmap for the implementation of an ISMS according to ISO 27001:2013.

FAQ

Why carry out a diagnosis in the initial phase of implementing an information security management system?

A diagnosis is worthwhile because it lets your organization capitalize on best practices. Moreover, with our recommendations, it's possible to implement a governance framework in just a few months.

Which should you choose: the NIST reference framework or ISO 27001?

The choice between NIST and ISO depends on your sector and location. Opting for NIST is relevant when working with Anglo-Saxon companies, although it cannot be certified. By contrast, the internationally recognized ISO offers a certifiable and valuable framework. Sector-specific regulations may require compliance with several standards. The implementation of an ISMS based on ISO 27001 provides a foundation for the governance of information protection, allowing for correspondence with other standards.

Why should I diagnose my suppliers?

Suppliers, however important, are part of your ecosystem. Some provide you with the services on which all or part of your business depends. Once information security has been developed within your own structure, you can assess the maturity of the suppliers who have the greatest impact on the security of your information. In this way, you can help strengthen the resilience of your ecosystem by assessing your partners' ability to ensure the security of the information they provide.

How can the new version of the NIST reference framework impact my information security system?

The evolution of the NIST reference framework involves major changes, with a complete reorganization of certain articles and an overhaul of categories. Applying the NIST 2.0 framework means that anyone wishing to implement it must identify the correspondences between the old and new requirements, and apply the requested changes. This burden is not without consequences when you are also impacted by the application of other standards (NIS2, DORA...).

My company has been ISO 27001 certified for a year now. Why should I implement the 2022 version?

Certification is a 3-year cycle. Version 2023 must be used for all certification or renewal until April 30, 2024, when version 2022 becomes mandatory, except for 27701 and HDS certification. Since you were certified last year, we strongly recommend that you make the transition by implementing your change management process, in view of the new requirements and the overhaul of Annex A security measures.

Which repositories can be used for cross-referential analysis?

Generally, cross-referencing is based on standards or frames of reference for a common subject.

Standards based on other international standards are already implicitly cross-referenced.

In practical terms, ISO 27001, ISO 27701 on personal data protection (cross-referenced with GDPR), and HDS certification for healthcare data hosting are associated.

It is also possible to establish connections between NIS / NIS 2 and DORA requirements.

Do the training courses lead to an examination and a certificate?

Training courses leading to certification are subject to an examination.
If you are successful, you can apply to the certification body for certification, which will be awarded based on predefined criteria.
For other training courses, a test can be organized to validate the skills acquired. A certificate of attendance is issued in the same way as for awareness sessions.
