On the morning of December 25, at 10:33 am, a lovely surprise awaited me under my virtual CISO tree. It wasn't entirely a surprise, nor a gift per se, although it made us all very happy, but rather the result of many months of hard work at Memority. It wasn't Santa Claus who dropped it off, either, but the Certi-Trust certification body.
In the package were two brand-new certifications for Memority:
- ISO 27001, attesting to our excellence in information security management,
- and, much rarer, ISO 27701, which also validates our mastery of the personal information management system.
Following its audit in early December, our certification body confirmed and stamped our compliance with both standards. This recognition represents a tremendous reward for all Memority staff, who can be delighted with this result achieved within the timeframe promised, in particular to our customers (before the end of 2024).
Thanks to these certifications, our customers and partners will see their already solid confidence in our ability to protect their data and assets strengthened even further.
A major investment
Obtaining these two certifications represented:
- just over 20 months of project work by my entire team (in particular Léa Zerah, but also our interns Loïck Chagneau, Adrien Barbier, Paul Ledoux and Arthur Teste), accompanied of course by the entire Memority staff;
- 341 pages written and published inside and outside the company, comprising 9 safety policies, 11 safety standards, a crisis management manual (one of these documents is even in its 17th version!);
- 272 pages of documentation, processes and monitoring on our internal wiki;
- 1,542 permanent control procedures triggered;
- 2 internal audit missions.
Why is this important?
I think back to a meeting with ANSSI representatives a few months ago, when our interlocutors, seasoned experts in offensive security, smiled gently at the mention of ISO 27001, reminding us of what we regularly say: being certified does not mean being secure.
Of course, they're right: ISO 27001 is not intended to guarantee absolute security.
However, this remark reflects a primarily technical vision, focused on threats and vulnerabilities, where the standard plays a more global role. ISO 27001 doesn't just deal with operational aspects. It guarantees that Memority is structured, organized and ready to tackle all aspects of information security with rigor, while committing itself to a dynamic of continuous improvement.
In fact, the auditors went a step further and specified an impressive number of strong points in their report:
- the involvement of leadership and management (a steering committee that closely follows all security issues and includes the CISO among its members, that's involvement);
- the competence of the teams (they also noted that they were nice, but you can't write that down - it's bound to be subjective);
- good document management (including accuracy and contextualization within the company: yes, at Memority, it's not ChatGPT that writes the security policies);
- vulnerability management (I warmly salute our platform security pilots for their involvement in the ongoing handling of this vital subject);
- the secure development approach (CSSLP certification for our senior devs is not just for show);
- the control plan (an extremely thankless task);
- reaction to non-conformities and continuous improvement (when our auditors arrived one morning, action plans to correct the previous day's remarks were already underway - I can understand why this might come as a surprise).
A great project that leads the way
So it's a fine project that's coming to an end, and we can be proud of it.
But it's only the beginning. I said last month in the editorial of "Le petit serrurier", Memority's internal security newsletter, that achieving ISO 27001 certification was a bit like reaching level 60 in an online multiplayer role-playing game: it's not an achievement, but a first step, where everything really begins.
So, if there's no truce in cyberspace, we've earned a little glass of champagne to celebrate our achievement, and then we'll get back to work with the same momentum, in the same state of mind, because that's in Memority's DNA!




