What is ISO 27001?

ISO = International Organization for Standardization

  • ISO 27001 is a well-recognized standard across the world. In fact the global norm with respect to information security management systems (ISMS).
  • ISO 27001 is ensuring that a company or non-profit understands where its strengths and weaknesses lie.

Accomplishing the ISO 27001 certification is typically a long-term process that requires significant involvement from both internal and external stakeholders. Above all, it’s not as simple as filling out a form and submitting it for certification. Firstly, before applying for certification, you must validate that your “ISMS” is fully developed and covers all potential areas of IT risk. Secondly, knowing your weaknesses is the key to protecting your organization’s information.


CIS Group is an ISO/IEC 27001 certified enterprise.

CIS Group officially obtained its certification in February 2021. Most importantly, this is a global standard for managing the security of information assets. It provides the requirements for an information security management system (ISMS). An ISMS implies a systematic approach to managing and securing sensitive information, by involving personnel and by applying risk management processes to IT systems.

Although CIS Group is ISO 27001:2013 certified. We treat ISO 27001 compliance as an ongoing project, whereby we maintain certification and increase trust with clients, partners, and the public.

A very common mistake that many organizations make, is placing all responsibilities for ISO certification on their IT team. In conclusion, we may say that although information technology is at the core of ISO 27001, the procedures and processes must be shared by all parts of the organization.


CIS Group Security Policies 

Therefore, CIS Group has policies in place to reduce the risks associated with managing information assets.

These policies address the controls in the ISO 27001/27002 standard.

 ISO 27001:2013 Benefits

  • Compliance. Adhering to these regulations is the best way to ensure data protection, privacy, and effective IT governance. CIS Group is continuously audited for compliance.
  • Market Advantage. CIS Group sets itself apart from the competition by assuring clients that their sensitive information is safe and secure. Many customers require this certification before doing business.
  • Reduce Expenses. Lower expenses caused by security incidents. Such as service interruptions, data leakage, or the harmful actions of individuals (whether accidental or intentional).
  • Orderly Business Growth. CIS Group is a growing company. To ensure sustained control, it is important to define the duties of key people. Identifying who is responsible for information assets, and who can authorize system access.


“We have implemented a personalized security program so that best security practices are followed at all stages of the development of CIS Group products,” says Guillaume Caron, President and CEO of VARS, the cybersecurity division of Raymond Chabot Grant Thornton who supported CIS Group in this process.

CIS Group is now able to assure its customers that it complies with the most rigorous cybersecurity rules. “This will give us a competitive advantage, promoting customer loyalty, and supporting our development at home and abroad,” said Éric Tessier, Vice-President Sales & Marketing at CIS.

As also explained in an article published in Les Affaires, “CIS Group had already planned to make this step soon, but moved ahead when two major customers asked it to comply with a recognized cybersecurity standard. This is a reality that affects all SMEs. Indeed, more and more large public and private companies require their suppliers to put in place strong information security measures. They want to protect themselves from cybercriminals who seek to attack them by infiltrating the systems of their suppliers, says Caron. The pandemic, which has changed working methods, has accelerated this trend.”


Therefore, our enterprise takes not only great pride but also responsibility in maintaining and staying up to date with our ISO certification. That is to say, at CIS Group we will continue to do everything to reduce the risk of any IT breach.

Melanie Ladouceur,

Sales and Digital Communications Coordinator