Companies seeking guidance in the development and implementation of their information security programs are looking for a robust and recognized framework. The ISO/IEC 27001 standard offers exactly that, while also providing a useful evaluation process and valuable certification. In a guest article, Lionel Cochey, director of information of a large international law firm, provides a roadmap to the key aspects of the standard, the certification process, and the ongoing effort to remain certified on an annual basis. See also “Steps for Companies to Take This Week, This Month and This Year to Meet the Challenges of International Cyberspace Governance” (Mar. 30, 2016).