Griaule, a Brazilian company specializing in biometric recognition solutions, has just receivedISO 27001 certification, consolidating its good information security practices.

The project was carried out in partnership with IT2S Group consulting and completed in just six months, a significant milestone for the sector, which usually takes twice as long for complex processes of this size. 

"The collection of biometric data is classified by the LGPD (General Personal Data Protection Law) as sensitive data and, therefore, requires an even more robust level of protection. Achieving ISO 27001 certification is the result of our efforts to strengthen security and always seek greater protection for digital data, both inside and outside the country," says Thiago Ribeiro, Business Director at Griaule.      

The certification came with specialized support from IT2S Group, a leader in the information security, privacy, and compliance market. By implementing the project in record time, the consulting firm reinforces its strategic delivery capabilities. 

“Our mission at IT2S Group is to transform the complexity of information security into a real competitive advantage for our customers. Supporting Griaule in this process was rewarding, as we saw total synergy between our methodology and their technological readiness. Achieving compliance in just six months is a direct reflection of the commitment of the leadership and the technical maturity of the teams involved," saysPedro May, CEO of IT2S Group. 

ABOUT CERTIFICATION

ISO 27001is an international standard created by the International Organization for Standardization (ISO) in partnership with the International Electrotechnical Commission (IEC). It describes how to manage information security in an organization, pointing out best practices and establishing an international standard for data protection and risk management.  

To achieve certification, the organization must implement an Information Security Management System (ISMS), which involves everything from defining policies and responsibilities to continuously assessing and addressing risks.  

In addition, the company must demonstrate compliance with a set of93 security controls outlined in the standard, covering areas such as organizational controls, personnel security, physical security, technology, incident management, business continuity, and cryptographic protection.  

“The implementation of SGSI at Griaule focused on aligning these controls with critical operations, ensuring that security is a facilitator of new business. The result is a resilient and auditable infrastructure, ready to serve the most demanding partners in the global market,” points outMarcus Carvalho, Director of Information Security at IT2S Group. 

A survey by Price Waterhouse Cooper (PwC) found that companies certified under ISO 27001 reduce the incidence of cybersecurity incidents by up to 39%.  

ISO 27001 is an extremely significant achievement and is aligned with Griaule's culture, in addition to strengthening its performance with large corporations and government agencies, which require this seal from their suppliers. The standardization of processes and data facilitates information sharing between organizations, improves operational efficiency, and contributes to strengthening security management, reducing the risk of security incidents that can cause financial and reputational damage," says Thiago Ribeiro, from Griaule.   

ABOUT THE AUDIT

Certification is only granted after independent audits confirm that the ISMS has been effectively implemented, maintained, and improved. 

The independent company that audited Griaule, DSG, is accredited by Inmetro, a distinction held by only six companies in Brazil. This demonstrates, once again, the relevance and seriousness of the process.  

The certificate is valid for three years, but the company undergoes annual audits that require improvements to the information security management system, ensuring continuous updating with best security practices. 

Griaule now joins a select group: fewer than 600 companies in Brazil have ISO 27001 certification. With the support of IT2S Group, certification was guaranteed! 

This content was published by the Economia SP news portal on February 23, 2026, available at this link.