jQuery(function($){ $('.logo_container a').attr('href','https://feelagile.com'); });
Select a page
How to choose the right service provider for ISO 27001 support? - Part 2

How to choose the right service provider for ISO 27001 support? - Part 2

I - Choosing a service provider 

In this second part, we'll discuss the different types of company you may encounter, and the different support systems available. 

Didn't you read the first part of this article? Click here!

Choosing independent consultants 

In reality, choosing an independent consultant who is not part of a network is not the ideal choice.
Opting for an independent consultant or a small company to support an ISO 27001 certification project can have certain disadvantages. While individualized expertise and a personalized approach are advantages, companies may come up against limits in terms of resources and availability. An independent consultant, managing several clients at the same time, may not be able to offer the ongoing responsiveness and attention that this project requires.

What's more, if the consultant's expertise is broad but shallow, he or she may lack the specialist knowledge needed for complex or industry-specific cases (e.g. legal or cybersecurity). There is also the risk that a single consultant may not have an extensive network of contacts to support the project.. Contrary to consulting firms, which can offer a multidisciplinary team and access to a wider range of skills and experience. Finally, continuity of service can be jeopardized if the consultant falls ill or decides to change career.  

What's more, the question of costs is counter-intuitive, as an independent consultant will be more expensive for the same service, and above all without commitment. We have found that some projects cost in excess of €60/80K without producing any real results.. 

The training company 

Choosing a training company that only provides training for ISO 27001 coaching can have certain disadvantages that merit careful consideration. A training company may focus mainly on the theoretical aspects of ISO 27001.. This will provide a robust understanding of the principles and requirements of the. But it may lack the practical implementation experience needed to truly integrate the standard into the company's processes. This can lead to a gap between theory and practical application, complicating the implementation phase. What's more, training firms can sometimes adopt a standardized approach. This approach does not take into account the particularities and specific needs of each company.. As a result, it can be less effective for organizations with unique requirements.

The group training provided by these firms can also dilute the individualized attention that a dedicated consultant could offer. Finally, the costs associated with hiring a training firm to provide coaching can be significantly higher.. Notably when additional training sessions are required to cover all aspects of the standard and its application. It is therefore essential to ensure that the chosen firm offers a balance between theoretical training and practical support adapted to the company's operational realities. 

The support company 

Opting for an ISO 27001 consulting firm that offers both training and operational support is a strategic choice rich in advantages. One of the main benefits lies in the integrated approach offered by these firms, which combines the transmission of essential theoretical knowledge with personalized practical support. This model enables companies not only to understand the requirements of ISO 27001, but also to know how to implement them concretely and effectively within their day-to-day operations.

A consulting firm usually offers the expertise of a multi-disciplinary team that can bring a diversity of perspectives and skills, enriching the implementation process and increasing the chances of successful certification. In addition, ongoing operational support ensures that information security practices are not only compliant with international standards, but also adapted and evolve in line with innovations. Last but not least, investment in a consulting firm can prove economically advantageous in the long term, by avoiding costly mistakes and optimizing internal processes, leading to improved risk management and organizational resilience.

Outsourcing 

Outsourcing the implementation of ISO 27001, including training and operational support via a software solution, offers several strategic advantages for a company. Firstly, it provides access to specialized expertise and advanced technological resources without the costs and long-term commitments associated with hiring in-house. Outsourced service providers offer tailor-made training programs that can be adapted to the company's specific needs, ensuring that staff understand the requirements of the standard and know how to apply them effectively.

In addition, the use of a dedicated software solution facilitates the monitoring, management and continuous improvement of information security processes, making ISO 27001 compliance more accessible and less prone to human error. This type of service also offers greater flexibility, enabling companies to adapt quickly to changes in the standard or new regulatory requirements. Finally, outsourcing through a software solution can provide a centralized platform for documenting, managing and reporting security measures, simplifying auditing and certification while offering a coherent overview of the organization's security posture. 

II - Criteria for Selecting a Service Provider

 Expertise and experience: Importance of experience in similar projects. 

First of all, we need to understand what it means to be ISO 27001 competent. Here are the key points of comparison, drawn from hundreds of ISO 27001 projects. 

Number of projects supported 

You need a company that has accompanied many certifications in recent years. Because today's certifications have evolved considerably over the past 3 years. Standards and regulations have evolved, and certifiers' requirements have changed. It is not uncommon for certain service providers to remain anchored in outdated practices or requirements. 

Updating knowledge 

Security and regulations require constant updating, so it's important to choose a service provider with knowledge of organization, cybersecurity documentation and legal issues. 

What's more, this service provider should be able to offer you a cybersecurity monitoring service. 

Expertise in standards and certification 

These projects often require comprehensive expertise in safety and quality standards, and certification processes. This certification expertise will give you full control over the final certification outcome. 

Cybersecurity expertise 

This is a criterion often overlooked when choosing a service provider. Some companies think they have the skills required to implement security measures, or already have a partner in this field. 

Why is it important to have a firm with cybersecurity expertise

This enables us to advise you on the simplest and most cost-effective solutions to put in place to ensure the highest level of security. It also enables you to check the technological solutions put in place by your current partners, and get an outside, unbiased view. 

Legal expertise  

Your support company must also have the necessary legal skills to advise you on contractual regulatory aspects linked to the RGPD or linked to information security regulations. 

You can find out more about information security and regulation on our Club Cyber website. In particular, we have a special report on cybersecurity regulations in our Club Cyber VIP subscription section. 

The key player (the project manager or coach) 

There are some areas that can be misleading. The choice of speaker is one of the most common errors.Experience is important, as is the associated knowledge, but above all you need someone with a flair for teaching and the ability to support change. The typical expert with 20 years' experience will be able to speak like an encyclopedia, but will not necessarily be able to support you properly. Of course, this person can benefit from internal support in terms of expertise (mainly cyber or legal)..

The method 

The methods used are of crucial importance. Even if you can't judge them easily, a good method will help you to succeed in the project, and a complex method will drag you into a lengthy project. Trust your perception when service providers present you with the method: Is it clear? Is it simple? Ask several people within the company to see if they have the same information. Is the method based on principles that fit in with your culture? 

Tools and solutions

A project without a tool and solution will force you to use office tools like Excel and Word, or spend a lot of time developing your own solution. 

In our experience, no company has really succeeded in implementing a management system solution on its own. That's why it's important to rely on commercially available software. Really up-to-date and useful software costs no more than €5,000 a year. But it's software that's structured enough to be able to maintain your management system over time, to benefit from the bullets of knowledge bases included and up to date, as well as the possibility ofautomating your management system and thus saving time each year in setting up safety actions and maintaining it.

Individual bias

As with any choice of solution, you could have individual assets linked to your previous experiences or those of your partners. It was important to take a step back, so as not to hold on to preconceived ideas or false beliefs. 

Among these false beliefs are the following: 

  • ISO certification misses this view it's only documentation 
  • a support service is bound to be more expensive than an independent consultant 
  • if I want something made-to-measure, I have to redo everything for myself 
  • ... 

I can only recommend that you compare the different approaches and remain open to the most factual arguments. 

Certifications

The company must have 3 types of certification: 

  • individual consultant certifications, 
  • Certifications such as ISO 27001 (which can demonstrate that the service provider applies the same principles as those recommended). 
  • other technical qualifications may exist in the field of IT security 

III - Financial considerations 

The overall budget for an ISO 27001 project just for external purchases is around €50,000 minimum. For companies that don't have this budget, you'll need to consider a slightly different approach than coaching. For more information on this specific subject, please contact us: Solution Stellar

If you want to understand the costs of accompaniment, we've put together a FAQ and videos on the subject.

The cost is always made up of in-house time, support time and costs, maintenance costs, security solution costs and certification costs. 

It's important to know that if you are well supported by a company, this will not only reduce your internal costs, but also your maintenance and certification costs. 

What's more, some companies like Feel Agile can help you put together grant applications and guide you in the best strategy for building your project financially. 

Optimizing safety costs 

Good advice on technical security can save you a lot of money. In particular, by choosing the solutions best suited to your cybersecurity context

The items on which savings can be made are : 

  • outsourced soc-type systems or EDRs 
  • peine test or security audit systems 
  • phishing, employee testing or awareness systems 

If you're well advised, you'll be able to get the most optimized systems, sometimes with open source solutions. 

Choosing a solution to manage your ISO 27001 certification 

Why choose ISMS management software? This software will cost you around €5,000 a year. But it will save you an enormous amount of time in setting up and maintaining your certification.  

If you would like a demonstration of our partner solution, please contact STELLAR.

The cost of internal auditing 

ISO 27001 requires you to carry out full internal audits in the first year, and annual internal audits for monitoring purposes. 

It's important to carry out fairly comprehensive and detailed internal audits, so as to have a real, and it's under the same conditions as certification, but more exhaustive, guarantee of a project's success

So it's important to have a certain duration and therefore a certain cost for internal audits. 

Choice of certification body 

Prices can vary significantly from one phase to the next, so it's important to seek advice from your certification body. It's also important to understand that the role of the certification body is solely to verify the implementation of a system. They can't be judge and jury, nor can they support or train you. So beware of certification companies that don't respect this minimum ethical standard - it's generally not a good sign.  

What's more, they can be highly biased , since they don't provide any real support or assistance, but focus solely on the project's purpose and not on the internal life of the company. 

Managing the certification partner also represents a significant amount of time, so don't hesitate to ask your partner if his service includes managing the certification body and putting together the files. All the actions required for certification are included in the support services offered by our company. 

IV - Proposals and Quotations 

Of course, proposals and quotations must be clear and detailed. That said, just because a service provider provides a fifty-page presentation doesn't mean it's a good sign. 

Once again, the emphasis is on pedagogical skills, and therefore on the clarity and simplicity of the product documents, rather than the weight of the documentation. 

Prefer presentations that are concise, but which present all the precise criteria of the support and the content of the services to be provided. 

Companies that are vague about their deliverables should be excluded, as should those who are unable to give you a precise price for a service. 

In fact, a company that has mastered ISO 27001 support is perfectly capable of telling you precisely the scope of its support work to achieve a result with a company. 

Companies who don't commit to a fixed price are in fact companies who haven't thought through the support process, and don't really have a methodical approach to change support. 

V - Communication and Support 

Conclusion 

  • Summary of these two parts on " How to choose the right service provider for ISO 27001 support?

Contact us

Any projects? Any questions? Do not hesitate to contact us!


How to start an ISO 27001 certification project?

How to start an ISO 27001 certification project?

You want to start an ISO 27001 certification project but you don't know how to start the project in your company? You feel lost in front of the immensity of the task? In this article, we'll look at the first actions you can take right from the start, even before meeting the requirements of the standard.

Framing the ISO 27001 certification project

You know you want to implement ISO 27001 certification. You have bought the texts of the standards. And you have read them. Now, how do you do you start? How do you start an ISO 27001 certification project?

1 - Anticipate costs

The first step is to be aware of, foresee and plan the financial cost of such a certification project. It is necessary to distinguish two types of costs: the internal cost (of implementation) and the external cost of certification:

  • the internal cost is estimated according to the maturity and complexity of your company. It is necessary to take into account the costs linked to the time spent by your teams on the certification project and the tools and measures that you will deploy to meet the requirements of the ISO 27001 standard. It is in this phase that calling upon an external consultant can help you to structure your certification process by saving time and guaranteeing you not to fall into an "over-documentation" to pass the certification.
  • the external cost is calculated by the certifying body according to the perimeter of your company to be certified and the size of your company to determine the audit time that will be invoiced.

The return on investment of the certification process is very positive for companies in terms of organization and business development

Learn more about the costs of certification

2 - Have a voluntary and involved approach

To engage in an ISO 27001 certification process requires investment and a real will from the management. It takes on average one year to get certified ISO 27001. There is never a good time to start this process, you will never have all the conditions gathered to be "ready" to start. So, a piece of advice, get started!

The support of the management is essential as well as its involvement in the decisions and the communication

The first step: Diagnosis of the company

Once the project outline is defined, you can begin the first phase of diagnosis: meet your teams and listen to your customers.

1 - Take a first census?

You can start by making a first inventory of the tools used by all your teams, of the documents that exist concerning the different processes of the company. This inventory will provide you with a base on which you can rely for your next actions.

2 - Going into the field

Then, you can go to the field to meet your teams or discuss with your customers about security! This will allow you to complete your first inventory of what already exists (in terms of process, work organization) and to know the current problems and expectations in terms of information security.

3 - Mobilize internal skills

Next, it is essential to determine the roles of everyone in the certification project. Who will be the internal certification project manager; i.e. responsible for monitoring the actions? Who will be the CISO; responsible for security implementation and control? How will the teams work together on this project?

4 - Use an external consultant

Do you want to start this project on the right footing right away and follow the right direction to get certified? Call on an external consultant who will be able to advise you on your approach. This will allow you to have an external view on your project, to better organize your process and to save time! This is not negligible... At Feel Agile, we want to build with you solid foundations so that your certification is a real improvement process for your company.

Po diagnose security in your company, you can rely on the ISO 27002 good practice standard

Obtain the ISO 27002 code of good practice in information security

Start documenting

Finally, you can also create your documentation (have the reflex to document your processes or procedures). Starting from your first inventory, you will already see gaps to be filled, processes not described, documents not updated,... The goal here is to document all your action in terms of information security.

This will always be useful and can be used as a basis for your future actions!

Once you have completed all these steps, you are more than ready to fully embark on the certification process! Feel Agile accompanies you all along your action, from diagnosis to certification.

We have discussed some key elements to answer the question "How to start an ISO 27001 certification project". If you want to know more about our support, contact us! We will be happy to answer your questions!

Contact us

Any projects? Any questions? Do not hesitate to contact us!


Cybersecurity, the engine of growth for startups

Cybersecurity, the engine of growth for startups

In an increasingly demanding and regulated ecosystem, cybersecurity has become a major issue for startups. Between data protection (RGPD) and regulatory compliance (NIS, HDS, PDP), it is essential to understand the risks and implement appropriate measures to ensure the sustainability and growth of your business. (Indeed, we believe that cyber is not a brake, but a gas pedal, we explain why)

In this article, we will discuss the issues, the regulatory context, the minimum actions to be implemented, the importance of certifications and documentation, as well as the expected benefits of these approaches.

Finally, we will invite you to a Feel Agile event : Startup, SME: How to prepare your cybersecurity plan?

What are the challenges for startups?

Going fast or safe?

Startups, because of their size and speed of innovation, do not always have security measures in place and can be a prime target for cybercriminals.

A cyber attack can have disastrous consequences for a young company: theft of intellectual property, loss of customer confidence, service interruption or even financial penalties. Faced with these risks, it is crucial to adopt a proactive and controlled approach to cybersecurity.

But the challenges of cybersecurity go far beyond simply protecting data.

Large groups and NIS 2

Indeed, they also have to meet the requirements of their partners, especially large groups, who may ask them to fill out very detailed security questionnaires to ensure their compliance. Moreover, concerning these large groups, the NIS 2 regulation and its application will lead to the obligation of ISO 27001 certification for 100s of startups and subcontractors.

(You will find a video on this subject about the state of the art regulation + certification)

27001, the growth booster!

Secondly, good cybersecurity management is a reassuring element for potential investors. They are looking to minimize risk and therefore prefer to invest in companies that have strong security measures in place and comply with current regulations.

The grail being obtaining the ISO 27001 certification in information security. Our clients are experiencing a major competitive advantage as a result of obtaining the certification.

Thus, a proactive approach to cybersecurity not only helps protect the company from cyberattacks, but also enhances its credibility with partners and investors.

What are the key actions to put in place to secure your startup?

You want to convince customers?

If you want to convince customers to follow you, you need to secure yourself.

To ensure optimal protection, here are some basic measures to put in place within your startup:

  • Staff awareness: training employees in good cybersecurity practices is essential to prevent incidents.
  • Regular software updates: security patches should be applied as soon as they are released to reduce potential vulnerabilities.
  • Use of security tools: antivirus, firewall and data encryption solutions are essential.
  • Access management: limit permissions and implement a robust password policy. At a minimum, make tools for monitoring entries and exits, monitoring the various accesses to SaaS solutions...
  • Ensure regular backups: It is important to back up your company's data on a regular basis to avoid data loss.
  • Enable two-step verification whenever possible

Cyber not so easy to get started?

Of course, you already know these actions and measures, but you certainly find it difficult to :

  • Prioritize measures
  • To see clearly what is being put in place
  • To be followed and be sure that the measures remain in place,
  • To prove what you do

That is why we will advise you to adopt a structured approach.

  1. Establish your issues and the regulatory context
  2. List your important assets (personal data, customer data ..)
  3. Analyze your risks (Measures in place, risks, Measures to be implemented)
  4. Define your action plan
  5. Pilot
  6. Control via security checks, audits or penetration tests
  7. Implement automatic checks and reviews
  8. Improve (I like this point)

The importance of certifications and why not ISO 27001?

Oh, but that sounds like our 27001 approach?

If you're at this point, you need to take the plunge and become ISO 27001 certified

ISO 27001 certification is known to be a difficult certification, but it is not!!!

It requires structure, method and especially experience. At Feel Agile, we have accompanied 10 aines of Startup, it is necessary to follow a clear method and ensure a sacred triptych:

  • A project manager who steers the actions
  • an awareness
  • a real competence in the implementation of

ISO 27001 is a guarantee of security for customers and partners. It attests to the respect of best practices and international standards.(ISO 27001is an informationsecurity management standardthat allows the implementation of an Information Security Management System (ISMS) and guarantees the protection of the company's and its customers' data).

Is ISO 27001 expensive?

False and arch-false !!!!

Beyond the classic "it's an investment", at Feel Agile, we have made it a point of honor to democratize cybersecurity. A startup with less than 10 employees can set up and obtain the certification for less than 10 K€, including the certification over 3 years(May 25, we explain how)

Feel Agile, the cyber player for startups and agile companies!

We are proud and grateful to have accompanied dozens of startups over the past two years in obtaining ISO 27001, HDS, 9001 ...

We have prepared for you some feedback from our favorite startups:

ODROA - (HDS certified) specialized in the analysis and management of sensitive data such as health data.

Feedback from the manager, Partick PAYSAN, on his HDS approach

PHOENIX FLEET EXPERT, (ISO 27001 certified) - specialist solution for fleet management.

Nadège Goussault's experience , Administrative and Financial Director

VERYSWING - (ISO 27001 certified) - SaaS solution for the enterprise

Feedback from Nicolas SAILLET, Director

ALL OUR WEBINARS in replay

Access all our REPLAY WEBINARS on certifications

Contact us

Any projects? Any questions? Do not hesitate to contact us!


How to innovate in the approach to ISO 27001 certification?

How to innovate in the approach to ISO 27001 certification?

Meet our CEO, Thomas De Mota, who will help you rediscover the certification process!

The certification process is often approached as a constraining documentary rule of the standards to answer a customer requirement. How can we approach it in another way?

Do you want to get started with ISO 27001 certification, but don't know how to go about it? Perhaps you imagine that you will have to produce a mountain of documents and meet an incalculable list of requirements?

What if you looked at it in a different way?

It is quite true that there is documentation to be produced. Security rules as well as security policies have to be established. Procedures also need to be defined in formal documents. This is the reality, but it is just one aspect of the certification process. Instead, let's try to look at it from another angle, that of innovation.

Innovation? We can innovate when we launch our ISO 27001 certification process?

Absolutely! This is our way of doing things at Feel Agile.

Innovation means creating room for maneuver in the way we implement ISO 27001 and security.

To be able to innovate, it is therefore necessary to know the standard and the text well. We are talking here about the ISO 27001 standard, but also about all the accompanying standards (ISO 27002, ISO 27003,...) These are standards that will deal with particular points of the implementation of the 27001. It is therefore very important to know them in depth in order to find and understand the possible room for maneuver. By knowing the minimum requirements, we don't put up too many barriers to innovate. The auditor cannot add requirements that are not defined in the standard.

To innovate, we must know the standards perfectly to know our margins of maneuver

What does this mean in concrete terms, for example?

Let's take the example of the Management Review. In the past, we used to do the Management Review on a semi-annual or annual basis. We would review incidents and all security issues.

When a company is mature on these issues, it works very well. But when you put things in place, it's better to hold monthly Management Reviews. This makes it easier to anchor the Review in the practices. Some consultants would say that we "don't have the right" and that "it's not a game" but yes, we do have the right! As long as we meet the minimum requirement of going through all the security topics once a year, we have every right to adapt it to our liking.

For example, we can review incidents in January and risks in August. We don't have to do everything at the same time. That's what I recommend, so that we can integrate the topics more regularly and keep them up to date all the time. This is a good example and we can apply it to all the requirements of ISO 27001.

Conduct short, participatory management reviews every month

Who can take this approach?

This approach to certification is very much for agile-minded companies. It's really applying the "agile" mindset to security. We're moving forward in small chunks on a regular basis, chopping everything up, rather than building it all at once by doing something too complicated.

Can companies that do not have this agile operation still implement this approach for their certification?

Yes, completely. It's completely independent of the official methods. It is applied directly to the organization. This can lead the company to evolve in the way it is structured.

However, it is more complex on large IT projects to integrate security because there is often a history that is difficult to take back. With the ISO 27001 standard, we really talk about security in its entirety.

What are the important points in this ISO 27001 certification process?

I think that in order to innovate, the presence of management in the decisions made is essential.

If you want to go fast and be efficient on security, you can also invest in small awareness training. There are nowadays very interesting tools that will allow you to automate your awareness campaigns (like Lucy Security).

Tools that will also automate your security processes are also an essential investment.

There is no substitute for face-to-face training, with direct dialogue with operational staff

On the other hand, starting from the field is another important element. You have to build security approaches on what is already in place. Knowing the field well and not copying a ready-made system is essential! The system is thus built progressively and with the teams.

What we recommend at the beginning is to carry out audits from the beginning of the project. This way, people are prepared and made aware very early on. Instead of only doing blank audits, we favour concrete and operational internal audits. This allows us to get information from the field and to know the existing system perfectly in order to build an adapted system.

Integrate flash audits by subject or process

If we want to start a certification project, how can we lay the right foundation from the beginning?

The most important thing is that the company's management is involved. They have to be involved in a very concrete way by dealing with security issues and incidents, by demanding accountability. They will also impose security policies. By imposing the basics, the minimum security rules, management shows its strong commitment to the process. But be careful, it must be able to assume these choices and the resources linked to the proper functioning of this policy!

How can we make sure that the approach we put in place is in line with our company's DNA?

Security is valid for all companies! Trust within companies is essential, but it is not enough: you cannot have security without control. However, the notions of flexibility and adaptation are present in security. This is what we call operational security: we take into account the reality of people and their work so as not to establish a system that is too restrictive. If it is too restrictive, the system and the rules will be circumvented... The key is to build a fortress that is protected by an intelligent control system.

How can we continue to be agile after certification?

The challenge after certification is to maintain the system that has been gradually created. To succeed in this, we must maintain the same philosophy, the same approach, and the effort over time!

Can I find this vision in all ISO 27001 consultants?

There are many consultants who share this vision and approach, but it is necessary to check during the recruitment process that this philosophy is really present. Opting for innovation in the ISO 27001 approach will give you results in terms of security and also certification!

If you want to know more about our certification support, find all the information here and on our FAQ.

Do not hesitate to contact us for any question.

Contact us

Any projects? Any questions? Do not hesitate to contact us!


Understanding QUALIOPI

Understanding QUALIOPI

Do you know Qualiopi?

This new quality mark was launched by the Department of Labor in November 2019.

It concerns all training providers, or OPAC according to their new official name (Operator Provider of Actions contributing to the development of Skills). In order to benefit from public or mutualized funds, OPACs will have to obtain this certification before January1, 2021.

The Qualiopi brand

This new trademark, registered with the INPI, will make it possible to attest to the quality of the process put in place by the OPACs. By harmonizing the quality of the professional offer, the training offer will become more legible for companies and individuals.

Qualiopi is therefore issued by certification bodies accredited by the French Accreditation Committee (COFRAC) on the basis of a national reference system. This standard is based on seven quality criteria and 32 applicable indicators:

  • Conditions for informing the public about the services offered
  • Identification of delivery objectives
  • Adaptation of services and reception, support, follow-up and evaluation methods
  • Adequacy of teaching, technical and supervisory resources
  • Qualification and development of staff knowledge and skills
  • Registration and investment of the provider in his professional environment
  • Collecting and taking into account the opinions and complaints of stakeholders

The brand will therefore replace all certifications or labels known as "CNEFOP" as well as the DataDock registration.

What is What is the difference between DataDock and Qualiopi?

DataDock was a first step towards a quality approach. It was created by the OPCAs to check that training providers comply with the criteria of the Quality Decree of June 30, 2015. It was a declarative process with some controls afterwards. The Qualiopi approach is a real certification process with regular audits before and after obtaining certification.

What is the certification cycle? Who is involved?

The certification cycle is 3 years: an initial audit will check the implementation of the national quality standard and a surveillance audit will be carried out between the 14th and 22nd month following the date of obtaining the certification.

All the OPACs: Training, Skills Assessment, VAE, Apprenticeship, are concerned by this approach.

Why get certified?

Certification is an obligation, but it offers significant advantages. Qualiopi can thus reassure your clients and funders by justifying your compliance with the legislation. You also implement a policy of continuous improvement of your services, which can only be beneficial to you.

The certification process takes several months, so don't hesitate to start the process now! If you have any questions or if you would like to be accompanied in the implementation of the national quality standard, contact us.

Contact us

Any projects? Any questions? Do not hesitate to contact us!