Wimi certified for the security of your data

Wimi is ISO/IEC 27001:2022 certified by LSTI-COFRAC. Our information security management system meets the most stringent requirements to protect your sensitive data in SaaS mode.

ISO/IEC 27001 is an international information security standard. It specifies the requirements for establishing, implementing, maintaining, and continuously improving an information security management system (ISMS). Organizations whose ISMS meets the requirements of the standard can have it certified by an accredited certification body after an audit.

Published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), the standard was created in 2005 and revised in 2013 and then in 2022. The 2022 revision reinforces security control requirements with an Annex A including 93 measures divided into 4 areas.

The objective of ISO/IEC 27001 is to enable organizations to systematically review their information security risks, design and implement a coherent suite of security controls, and adopt a management process that ensures that these controls continuously meet the security needs of the organization.

Wimi obtained its ISO/IEC 27001:2022 certification at the beginning of 2025 and renewed it in April 2026. The certificate is issued by LSTI, a COFRAC-accredited body. This certification covers security management concerning the Wimi collaborative suite delivered in SaaS mode.

Why ISO/IEC 27001:2022 is essential

Systematic risk management

Certification requires the systematic identification and evaluation of security risks. Your data is protected by a structured threat management framework that is proven and independently audited.

Regulatory compliance made easy

ISO/IEC 27001 facilitates your GDPR, NIS2 and sectoral compliance. A certified ISMS demonstrates your commitment to security to your customers, partners and authorities.

Continuous improvement and regular audits

The standard requires regular monitoring and annual audits. Your security system is constantly adapting to evolving threats and guarantees long-lasting protection.

What the ISO/IEC 27001:2022 certification guarantees

Systematic management of security risks

The standard requires organizations to systematically review their information security risks taking into account threats, vulnerabilities, and impacts. A documented risk assessment process covers the entire certified perimeter and is reviewed annually.

Comprehensive and consistent security controls

ISO/IEC 27001:2022 defines 93 security controls in its Annex A, divided into 4 areas: organizational, human, physical and technological. These controls cover access control, cryptography, physical security, incident management, business continuity, and many other critical aspects of information security.

Full documentation and traceability

Certification requires comprehensive documentation of security policy, operational procedures, risk treatment measures, and audit results. This traceability guarantees transparency and the ability to demonstrate compliance on an ongoing basis.

Independent and accredited audits

The ISO/IEC 27001 certification process involves a three-stage audit conducted by qualified independent auditors. The Stage 1 audit verifies the existence and completeness of key documentation. The Stage 2 audit formally tests the conformity of the ISMS with the requirements of the standard. Annual maintenance audits confirm that the organization remains compliant.

Mandatory continuous improvement

The standard imposes a management process that ensures that security controls continue to meet the security needs of the organization on an ongoing basis. The non-conformities detected must be the subject of documented corrective actions.

International recognition

ISO/IEC 27001 is recognized worldwide as the reference in information security management. Certification by an accredited body (such as LSTI-COFRAC) is functionally equivalent regardless of the national variant of the standard.

“Wimi is a solution perfectly suited to collaboration in project mode. Its ease of handling and the flexibility offered according to uses convinced us. Covid-19 and the periods of teleworking have only amplified the need for such a solution to maintain exchanges and continue our projects.”

Daniel Coutelier
Production and Planning Coordinator
Ministry of Ecological Transition

"Wimi allows us to centralize our content creation and planning process. The platform gives us a clear, centralized view of our production. I recommend it without hesitation to teams that want to become more agile and optimize their content creation process."

Laetitia Houvet
Marketing Manager
MMA

"Wimi allows us to facilitate communication between staff and players, streamline data sharing, and speed up the planning of our sporting events. The budget is also very attractive given the rich and ergonomic functional scope covered by the solution."

Vincent Rodionoff
IS Project Manager - Sports Projects
Fédération Française du Rugby

"Wimi is a secure and reassuring tool that clearly meets the needs of a profession governed by professional secrecy. Working on our case files from the platform has become second nature for us. We are amazed by how easily our clients and partners adopt the solution."

Alexis Moisand
Founding Partner Attorney
Constellation Avocats

FAQs

Your questions about ISO/IEC 27001:2022

What is the ISO/IEC 27001 standard?

ISO/IEC 27001 is an international standard that specifies the requirements for establishing, implementing, maintaining, and continuously improving an information security management system (ISMS).

It requires organizations to:

  • Systematically review their information security risks
  • Design and implement a consistent suite of security controls
  • Adopt a management process ensuring that controls continue to meet security needs

The latest revision of the standard (2022) reinforces the requirements with 93 security controls divided into 4 areas.

Why did Wimi obtain the ISO/IEC 27001 certification?

Wimi handles sensitive data from thousands of organizations on a daily basis (strategic projects, confidential documents, internal communications). The ISO/IEC 27001:2022 certification demonstrates our commitment to protecting this information with the highest security standards.

Our certification covers security management concerning Wimi and Kroqi collaborative suites delivered in SaaS mode, as validated by LSTI, a COFRAC accredited body.

This certification is part of our digital sovereignty and regulatory compliance approach, alongside our SecNumCloud, NIS2 and HDS commitments.

What is the difference between ISO 27001 and SecNumCloud?

ISO/IEC 27001 is a generic international standard for information security management. It imposes a framework for managing risks and security controls, audited independently.

SecNumCloud is a French qualification issued by ANSSI, specific to cloud computing. It goes much further than ISO 27001 by adding:

  • Legal protection against extraterritorial laws (mandatory European capital)
  • Total sovereignty (infrastructure, administration and data in France/EU)
  • Over 360 cloud-specific technical requirements
  • Mandatory annual audits by qualified PASSI auditors

In summary: ISO 27001 is a solid foundation recognized internationally. SecNumCloud is the highest level of requirement for the cloud in Europe, with a dimension of digital sovereignty that is absent from ISO 27001.

Wimi is ISO 27001 certified and in the process of SecNumCloud qualification (expected 2026).

How does the ISO/IEC 27001 certification process work?

ISO/IEC 27001 certification follows a three-step audit process defined by the ISO/IEC 17021 and ISO/IEC 27006 standards:

Stage 1 — Preliminary ISMS Audit
Verification of the existence and completeness of key documentation: information security policy, statement of applicability (SoA), risk treatment plan (RTP). The auditor meets with employees to verify their knowledge of the requirements of the standard.

Stage 2 — Formal compliance audit
Detailed and formal audit that independently tests the ISMS against the requirements specified in ISO/IEC 27001. Auditors look for evidence confirming that the management system has been properly designed and implemented, and actually works. Passing this stage allows certification to be granted.

Maintenance audits
Follow-up reviews or audits to confirm that the organization remains in compliance with the standard. These audits take place at least annually and confirm that the ISMS continues to function as specified.

Who issues the Wimi ISO/IEC 27001 certificate?

Wimi's ISO/IEC 27001:2022 certificate was issued by LSTI (Capave LSTI), a certification body accredited by COFRAC under the number 4-0063.

The COFRAC (French Accreditation Committee) is the national accreditation body that guarantees the competence and impartiality of certification bodies. COFRAC accreditation is recognized at European and international levels.

Certificate Details:

  • Number: 11313
  • Effective date: April 13, 2026
  • Validity: Until February 4, 2028
  • Scope: Security management concerning Wimi and Kroqi collaborative suites delivered in SaaS mode

The validity of the certificate can be checked at any time with LSTI.

What are the 4 ISO/IEC 27001:2022 control areas?

The 2022 revision of ISO/IEC 27001 restructured Annex A around 4 main areas comprising 93 security controls:

1. Organizational controls
Security policies, security organization, asset management, access control, relationships with third parties, incident management, business continuity, compliance

2. Human controls
Human resources security, background checks, security training, responsibilities, and codes of ethics

3. Physical controls
Physical security of premises, physical access control, protection against disasters, security of equipment

4. Technological controls
Cryptology, communications security, operational security, secure development and maintenance, incident detection

These 93 controls cover all critical aspects of information security and should be evaluated when drawing up the Statement of Applicability (SoA).

Does ISO/IEC 27001 guarantee 100% security?

No. ISO/IEC 27001 does not guarantee absolute security, but rather a robust and audited information security management process.

The standard requires:

  • Systematic risk management to identify and deal with threats
  • The implementation of appropriate security controls based on the risks identified
  • A continuous improvement process to adapt to evolving threats
  • Regular independent audits to check the effectiveness of the system

No organization can eliminate 100% of security risks. ISO/IEC 27001 ensures that risks are identified, evaluated, treated and monitored in a structured and documented manner.

At Wimi, ISO 27001 certification is part of a global approach that also includes SecNumCloud qualification (in progress - 2026), NIS2 compliance, and HDS sovereign hosting.

Does my organization need to be ISO/IEC 27001 certified?

ISO/IEC 27001 certification is not mandatory for most organizations, but it is highly recommended in several cases:

Recommended if you:

  • Handle sensitive data (health, finance, defense, R&D)
  • Are subject to strict compliance obligations (GDPR, NIS2, regulated sector)
  • Work with security-demanding customers
  • Want to demonstrate your commitment to security in a credible way
  • Have to respond to tenders requiring ISO 27001

Mandatory or almost mandatory for:

  • Some operators of essential services (OSEs) by sector
  • Digital service providers in critical sectors
  • Organizations working with defence or armaments
  • Cloud providers subject to SecNumCloud (ISO 27001 is a prerequisite)

Even without obligation, choosing an ISO 27001 certified provider like Wimi guarantees that your data is protected according to the strictest international standards.

Can Wimi help me get ISO/IEC 27001 certification?

Using Wimi, an ISO/IEC 27001:2022 certified solution, greatly facilitates your own certification process by providing you with:

A compliant infrastructure
Wimi already meets the ISO 27001 requirements for data security management in SaaS mode, which covers a significant part of your perimeter.

Ready-to-use documentation
Our security policies, access controls, incident management, and traceability are documented and auditable, facilitating your own ISMS documentation.

Audit evidence
You can provide your auditors with our LSTI-COFRAC certificate and our statement of applicability as proof of the compliance of your collaborative solution.

Technical controls
Encryption, multi-factor authentication, logging, backup, business continuity: Wimi implements the technical controls required by ISO 27001.

Our experts can support you in your certification process and explain how Wimi fits into your ISMS.

Ready to protect your data?

Wimi offers you a collaborative suite certified by LSTI-COFRAC, in accordance with international information security standards. Learn how we protect your sensitive data.