EPSA obtains ISO 27001 certification from AFNOR, confirming the excellence of its information security system
The French group EPSA, a European expert in the operational, financial and environmental performance of organisations, announces that it has obtained ISO/IEC 27001 certification for the period 2025–2028. This international recognition confirms the group’s high standards in terms of information security and digital risk management.
Certification covering Cloud, Workplace, Operations and Cybersecurity activities
This ISO 27001 certification covers several key areas of EPSA’s information system: Cloud Infrastructure, Workplace, Operations and Cybersecurity. It guarantees that the group’s sensitive and strategic information – as well as that entrusted to it by its customers and partners – is protected against any risk of unauthorised access, alteration or loss. In accordance with the ISO 27001 standard, this certification will be subject to annual compliance audits conducted by AFNOR to ensure that the group’s practices are maintained and continuously improved.
A strong commitment to trust, resilience and compliance
This distinction illustrates the group’s overall strategy of offering secure, resilient IT services that comply with international standards. The Information Security Management System (ISMS) deployed by EPSA structures governance policies, technical procedures and employee awareness initiatives to guarantee the confidentiality, integrity and availability of data.
The IT infrastructure is based on a Microsoft Azure and M365 environment, hosted exclusively in Europe and certified to ISO 27001, ISO 27018 and HDS, ensuring full compliance with the GDPR. This approach is in line with the group’s commitments to responsible governance and cybersecurity, as outlined in its 2024 sustainability report.
ISO 27001 certification attests to the maturity and rigour of our security systems. It reflects EPSA's commitment to providing its customers and partners with a reliable digital environment that complies with international best practices
, CIO & CISO of the EPSA group
A trajectory of continuous progress and an extension of the scope in 2026
EPSA plans to extend the scope of certification to its application services, from development to operation, in 2026. The first step has already been taken: several entities within the group have code audit and application deliverable quality control processes in place, guaranteeing a preliminary level of assurance for their customers.
This certification illustrates our commitment to combining operational performance and data security. It is fully in line with our strategy of responsible growth and lasting trust with our customers, partners and investors.
, CEO of EPSA
Share this article
