
Cyber risk management: AREAL is ISO/IEC 27001:2022 certified
AREAL is pleased and proud to announce that it has obtained ISO/IEC 27001:2022 certification, which attests to its commitment to information security. Arnaud Judes, Managing Director of AREAL, explains the ins and outs of this approach.
What is ISO/IEC 27001?
ISO/IEC 27001 is the world’s best-known standard for Information Security Management Systems (ISMS). It defines the requirements that an ISMS must meet. It provides companies with guidelines for establishing, implementing, maintaining and continuously improving an ISMS. ISO/IEC 27001 helps companies to become aware of the risks associated with cyber crime, to proactively identify and address their weaknesses and thus limit their vulnerability to the threats of cyber attacks. AREAL obtained ISO/IEC 27001:2022 certification in March 2025 after more than two years’ work.
We explain all about AREAL’s approach in four questions.
1. Why did AREAL decide to undertake this certification process?
At AREAL, we have long been aware of the challenges of information security. Saying it is good, but proving it is even better!
Our commitments to our customers, partners and regulators require us to be resilient in the face of cyber threats and to protect our information system, which is essential for the development and support of our Topkapi solution.
ISO/IEC 27001:2022 certification also enables us to show our customers that we are taking concrete action and that we are complying with the recommendations and key principles of the most widely recognised international standard in the field of ISMS.
As a software publisher, we have a duty to guarantee our customers reliable and secure management of their information, to strengthen the security of our source code and deliverables and to interact with our customers in compliance with IT security rules.
This approach was also initiated in response to customer requests: by responding to them, we wish to remain their trusted partner. Listening to and satisfying our customers is a priority.
We also wanted to prove that our data is processed and protected in compliance with current legal obligations (e.g. the GDPR).
2. In concrete terms, what major changes have taken place within AREAL as a result of this certification?
This approach has had a real impact on our organisation, our methods and our IT infrastructure:
- Implementation of appropriate governance
- Implementation of a methodology and associated documentation enabling identification of the security risks associated with our strategic and sensitive information and our activities more generally
- Implementation of appropriate protection measures within our IS to guarantee the confidentiality, integrity and availability of the data we hold
- Staff training in line with the measures taken and the recommendations of the standard, raising individual and collective awareness of information security issues
3. What does ISO/IEC 27001 certification mean in concrete terms for AREAL’s customers?
This certification demonstrates to our customers our commitment and ability to manage information reliably and securely, through a strong policy of cyber security and data governance. It also has an impact on the development of our Topkapi solution, with the increased adoption of secure coding practices.
Cyber risk management must be a priority in the face of rising cyber crime, and we have made it our own.
The European NIS1 and NIS2 directives and the French Military Planning Law are compelling our customers to use software solutions that comply with the strictest ANSSI (French Cybersecurity Agency) recommendations and to work with trusted cyber security partners. That’s where we come in.
4. What are the next steps for AREAL in terms of cyber security?
ISO/IEC 27001 certification, and with it cyber security, has become an activity in its own right within AREAL. Now that we have put in place our standards and methodologies, we need to constantly re-evaluate and improve our practices. Our aim is to achieve the highest possible degree of maturity and, above all, to constantly adapt to the ever-changing risks.
Security is now an integral part of our daily lives, and we will continue our efforts to maintain ISO/IEC 27001 certification year after year.
For Topkapi, we are aiming for First Level Security Certification (CSPN) from ANSSI in the medium term, which will be the culmination of all the efforts we have been making for a long time regarding cyber security.