Lyon, May 20, 2025 – We are proud to announce that we have successfully transitioned our Information Security Management System (ISMS) certification from ISO/IEC 27001:2013 to the updated ISO/IEC 27001:2022 standard.
What is ISO 27001?
ISO 27001 is the most internationally recognized standard for information security management, defining comprehensive requirements across areas such as policy, process, records, ownership, risk management, resourcing, and communication.
Why the Transition from ISO 27001:2013 to ISO 27001:2022?
The ISO/IEC 27001 standard has been modernized to better address today’s rapidly evolving technological environment, emerging cybersecurity threats, and the growing importance of data privacy. This update ensures that our ISMS remains robust, effective, and aligned with the highest global standards, reinforcing our commitment to protecting the information assets of all our stakeholders.
Key Reasons for the Update:
1. Alignment with Modern Technologies and Threats
- Inclusion of Emerging Technologies: The 2022 revision addresses advancements such as cloud computing and artificial intelligence (AI), which were not prominently featured in the 2013 version.
- Enhanced Cybersecurity Measures: New controls have been introduced to tackle contemporary threats, including those related to cloud services and supply chain vulnerabilities.
2. Restructuring of Annex A Controls
- Simplification and Clarity: The number of controls has been reduced from 114 to 93, with a reorganization into four categories: Organizational (37 controls), People (8 controls), Physical (14 controls), and Technological (34 controls). This restructuring aims to simplify implementation and improve clarity.
- Introduction of 11 New Controls: New controls have been added to tackle contemporary security challenges, including:
  - Threat intelligence (5.7)
  - Information security for the use of cloud services (5.23)
  - ICT readiness for business continuity (5.30)
  - Physical security monitoring (7.4)
  - Configuration management (8.9)
  - Information deletion (8.10)
  - Data masking (8.11)
  - Data leakage prevention (8.12)
  - Monitoring activities (8.16)
  - Web filtering (8.23)
3. Enhanced Risk Management Focus
- Proactive Risk Assessment: The updated standard emphasizes a more integrated and systematic approach to identifying, assessing, and mitigating information security risks, incorporating both internal and external factors.
- Integration with Business Objectives: There’s a stronger focus on aligning information security objectives with the organization’s strategic goals, ensuring that risk management supports overall business
4. Greater Top-Level Engagement
- Strategic Alignment: Our top management was already highly involved in our ITSM, and the 2022 standard now recognizes the importance of this commitment by emphasizing the need for information security to be aligned with business objectives and embedded in the organizational culture.
5. Improved Performance Evaluation and Integration with Other ISO Standards
- Continuous Improvement: The revised standard provides a more detailed framework for evaluating the performance of the ISMS, promoting continual improvement through regular monitoring and review.
- Harmonization with ISO Frameworks: The 2022 revision aligns more closely with other ISO management system standards, such as ISO 9001 (Quality Management) and ISO 14001 (Environmental Management), facilitating integrated management systems.
What This Means for Our Security Practices:
With this transition, we have enhanced our security posture by:
- Refining Risk Management Approach: We revisited our risk assessment methodologies to incorporate the updated emphasis on a risk-based approach, ensuring that our controls effectively address both existing and emerging threats.
- Enhancing Cloud Security Measures: With the inclusion of controls specific to cloud services, we’ve strengthened our cloud security strategies, ensuring robust protection of data in cloud environments.
- Improving Incident Response: The new controls on threat intelligence and monitoring activities have bolstered our ability to detect and respond to security incidents promptly.
- Strengthening Data Protection Practices: The new controls on data masking and information deletion led us to enhance our data protection measures, further aligning with data privacy regulations and safeguarding sensitive information.
- Optimizing Configuration Management: We reviewed our configuration management processes to ensure secure and consistent configurations across our information systems, reducing the risk of vulnerabilities.
We remain proud of our original achievement: Antidot first earned ISO 27001:2013 certification after rigorous third-party audits by Certification Europe, reflecting our unwavering commitment to the highest level of internal compliance and security.
Being ISO 27001 certified guarantees that we’ve achieved the highest security level and is a testament to the fact that Antidot prioritizes data security for its clients, investors, partners, and employees.
It ensures that:
- All data is rigorously protected
- Risks and vulnerabilities are assessed, minimized, and eliminated
- Our software product and infrastructure are robust and secure
- Antidot has an internal culture of security, so all employees prioritize information security by design
- We demonstrate operational excellence when it comes to our IT, R&D, HR, and information processes
Stéphane Loesel, Chief Technology Officer, said:
“Security is ingrained in our culture and runs through our organization and customer delivery approach. Achieving the ISO 27001 certification assures customers that we are operating recognized frameworks for managing information security and that secure systems and procedures are in place at all stages of our business.”
Laura Clemente, Compliance and Security Specialist at Fluid Topics, added:
“Upgrading to ISO/IEC 27001:2022 reflects our ongoing commitment to enhancing security resilience and adapting to the latest threats. This advancement empowers us to maintain robust protection and foster lasting trust among our clients, partners, and employees.”
This successful transition to the 2022 standard underscores our ongoing dedication to safeguarding sensitive information and continuously improving our security framework to meet the challenges of today’s digital world.
You can find Antidot’s new ISO 27001 certificate here.