Testamento, a French insurtech specializing in SaaS solutions for personal insurance, announces that it has obtained ISO 27001:2022 certification, the international benchmark for information security.
This recognition marks a strategic milestone for the company, confirming the robustness of its information security management system and its commitment to insurance industry stakeholders.
ISO 27001:2022 certification at the heart of security and compliance challenges
In a sector as sensitive as insurance, data management is a major issue. Personal data, financial information, beneficiary clauses, and legal documents: SaaS platforms process highly critical information on a daily basis.
By obtaining ISO 27001:2022 certification*, Testamento demonstrates that all its innovations, from software development to infrastructure operations and data management, meet the highest standards in terms of security, compliance, and risk governance.
Issued by PROKS Certification, an accredited company, this certification confirms the implementation of a comprehensive Information Security Management System (ISMS), audited and compliant with international requirements.
A secure SaaS platform serving the insurance industry
Used by more than 10,000 advisors in France and deployed with major groups such as Allianz, Aon, Generali, MACIF, and La Banque Postale, the Testamento platform operates in an environment where data security and trust are essential.
The ISO 27001:2022 certification covers the entire value chain:
- development and operation of the SaaS platform
- customer data management
- processing of sensitive information
- secure cloud infrastructure (AWS, France region with backup in Germany)
This comprehensive approach ensures a high level of protection for all stakeholders in the insurance ecosystem: insurers, brokers, advisors, and policyholders.
A rigorous process demonstrating high maturity
ISO 27001:2022 certification is the result of a demanding process carried out over several months. Testamento structured its ISMS through complete asset mapping, in-depth risk analysis, and the implementation of robust security policies.
The results reflect a high level of maturity:
- more than 91% compliance from the first internal audit
- an assessment covering over 100 requirements and 90 controls
- a two-phase external audit validating the system’s compliance
This level of performance highlights the strength of the insurtech’s security practices.
Security, cyber resilience, and data protection at the core of the architecture
To respond to the growing demands of the insurance sector and to cyber risks, Testamento relies on a state-of-the-art technological infrastructure.
The platform includes:
- advanced cybersecurity mechanisms (24/7 monitoring, proactive incident management)
- secure development practices (OWASP standards, ANSSI recommendations)
- strict access control (strong authentication, full traceability)
- resilience mechanisms (automated backups, business continuity plan, geographic redundancy)
This approach ensures a high level of data protection and service continuity, which are essential for insurance stakeholders.
A strategic advantage for insurance players
ISO 27001:2022 certification provides direct benefits across the ecosystem:
- For insurers, mutuals, and brokers: assurance of compliance with regulatory requirements (GDPR, NIS2, DORA) and reduced operational and cyber risks
- For end users: enhanced confidentiality and greater transparency in data management
- For Testamento: a strong differentiator in the insurtech market and easier access to the most demanding tenders
Addressing growing cybersecurity and regulatory challenges
In a context marked by increasing cyber threats and stricter regulations, ISO 27001:2022 certification is becoming a key standard for insurance and fintech players.
As highlighted by Sylvain Delporte, co-founder and CTO of Testamento:
“Obtaining ISO 27001 certification is the result of several years of dedicated work. At Testamento, security is not an additional layer added afterward; it is embedded from the design stage in our architecture, development processes, and company culture. Achieving a 91% compliance rate from the first internal audit reflects the maturity of our organization. This certification sends a strong message to our clients and partners: your data and your policyholders’ data are protected according to the highest market standards.”
Virgile Delporte, co-founder and CEO of Testamento, adds:
“In a context where cyber threats are increasing and regulatory requirements are tightening (GDPR, NIS2, DORA), ISO 27001 certification has become a must-have for insurtech players. It is a strategic investment that allows us to reassure our clients, differentiate ourselves in the market, and prepare for expansion across Europe. We are proud to be among the first French SaaS providers specializing in personal insurance to obtain certification under the 2022 version of the standard.”
Strengthened ambitions for 2026
With this ISO 27001:2022 certification, Testamento strengthens its position as a leading French insurtech and continues its development with major insurance and bancassurance groups.
The company is also committed to continuous improvement, with regular audits and sustained investments in security, compliance, and technological innovation to anticipate market and regulatory developments.
* ISO/IEC 27001:2022 certification issued by PROKS Certification GmbH (Düsseldorf), accredited by DAkkS (German Accreditation Body, equivalent to COFRAC in France, member of the International Accreditation Forum), Certificate No. FR-IS-20260273. Verification: https://www.iafcertsearch.org/certification/CvdqApwlYX14JtBAej8xnGnd
