Memority ISO 27001 and ISO 27701 certified

Memority doubly certified ISO 27001 and ISO 27701 for data security and protection. 20 months of work, 341 pages of documentation: a commitment to quality in the service of your sensitive information.

On the morning of December 25, at 10:33 am, a lovely surprise awaited me under my virtual CISO tree. It wasn't entirely a surprise, nor a gift per se, although it made us all very happy, but rather the result of many months of hard work at Memority. It wasn't Santa Claus who dropped it off, either, but the Certi-Trust certification body.


In the package were two brand-new certifications for Memority:


  • ISO 27001, attesting to our excellence in information security management,
  • and, much rarer, ISO 27701, which also validates our mastery of the personal information management system.

Following its audit in early December, our certification body confirmed and stamped our compliance with both standards. This recognition represents a tremendous reward for all Memority staff, who can be delighted with this result achieved within the timeframe promised, in particular to our customers (before the end of 2024).


Thanks to these certifications, our customers and partners will see their already solid confidence in our ability to protect their data and assets strengthened even further.


A major investment

Obtaining these two certifications represented:


  • just over 20 months of project work by my entire team (in particular Léa Zerah, but also our interns Loïck Chagneau, Adrien Barbier, Paul Ledoux and Arthur Teste), accompanied of course by the entire Memority staff;
  • 341 pages written and published inside and outside the company, comprising 9 safety policies, 11 safety standards, a crisis management manual (one of these documents is even in its 17th version!);
  • 272 pages of documentation, processes and monitoring on our internal wiki;
  • 1,542 permanent control procedures triggered;
  • 2 internal audit missions.

Why is this important?

I think back to a meeting with ANSSI representatives a few months ago, when our interlocutors, seasoned experts in offensive security, smiled gently at the mention of ISO 27001, reminding us of what we regularly say: being certified does not mean being secure.


Of course, they're right: ISO 27001 is not intended to guarantee absolute security.


However, this remark reflects a primarily technical vision, focused on threats and vulnerabilities, whereas the standard plays a more global role. ISO 27001 doesn't just deal with operational aspects. It guarantees that Memority is structured, organized and ready to tackle all aspects of information security with rigor, while committing itself to a dynamic of continuous improvement.


In fact, the auditors went a step further and specified an impressive number of strong points in their report:


  • the involvement of leadership and management (a steering committee that closely follows all security issues and includes the CISO among its members, that's involvement);
  • the competence of the teams (they also noted that they were nice, but you can't write that down - it's bound to be subjective);
  • good document management (including accuracy and contextualization within the company: yes, at Memority, it's not ChatGPT that writes the security policies);
  • vulnerability management (I warmly salute our platform security pilots for their involvement in the ongoing handling of this vital subject);
  • the secure development approach (CSSLP certification for our senior devs is not just for show);
  • the control plan (an extremely thankless task);
  • reaction to non-conformities and continuous improvement (when our auditors arrived one morning, action plans to correct the previous day's remarks were already underway - I can understand why this might come as a surprise).

A great project that leads the way

So it's a fine project that's coming to an end, and we can be proud of it.


But it's only the beginning. I said last month in the editorial of "Le petit serrurier", Memority's internal security newsletter, that achieving ISO 27001 certification was a bit like reaching level 60 in an online multiplayer role-playing game: it's not an achievement, but a first step, where everything really begins.


So, if there's no truce in cyberspace, we've earned a little glass of champagne to celebrate our achievement, and then we'll get back to work with the same momentum, in the same state of mind, because that's in Memority's DNA!

Published by

Aymeric Berrendonner

Cybersecurity Director
