Bilingual glossary

Learn the vocabulary and phrasing people actually use at work

This glossary is designed for practical use in France. It does not stop at literal translation. It shows how ISO 27001 concepts are explained naturally in English and French during projects, audits, and meetings.

Workplace phrasing library

Phrasing that learners in France can reuse in audits, project meetings, close-out discussions, and certification-readiness workshops.

Describing control maturity
implementation
English

The control is partially implemented.

Français

La mesure est partiellement mise en œuvre.

Useful when the design exists but execution or evidence is still incomplete.
Explaining an evidence gap
evidence
English

Evidence was not available for the sampled period.

Français

La preuve n'était pas disponible pour la période échantillonnée.

A neutral but precise way to explain why a process claim is not yet supported.
Linking a finding to a clause
audit
English

This finding relates to Clause 9.2.

Français

Ce constat est rattaché à la clause 9.2.

Helps learners speak with clause discipline during internal and external audits.
Explaining inconsistent execution
evidence
English

The process exists but is not consistently evidenced.

Français

Le processus existe mais n'est pas démontré de manière cohérente.

This phrasing is stronger than saying the process is missing when the real issue is execution discipline.
Explaining poor traceability
risk
English

The risk treatment decision is not traceable.

Français

La décision de traitement du risque n'est pas traçable.

Useful when a register exists but treatment logic cannot be linked to owners, dates, or controls.
Requesting operational proof
audit
English

Please show the sampled evidence, not only the procedure.

Français

Merci de montrer la preuve échantillonnée, pas seulement la procédure.

A practical sentence for audit prep and live walkthroughs.
Describing a pattern
nonconformity
English

This looks systemic rather than isolated.

Français

Cela semble systémique plutôt qu'isolé.

Use this when similar weaknesses appear across teams, systems, or periods.
Challenging management review quality
audit
English

The minutes do not show the required management review inputs.

Français

Le compte rendu ne montre pas les intrants requis de la revue de direction.

This keeps the discussion evidence-based instead of turning it into a debate about meeting labels.
Commenting on SoA quality
soa
English

The SoA rationale is too generic for audit reliance.

Français

La justification de la SoA est trop générique pour être fiable en audit.

Useful when applicability statements are broad, unsupported, or disconnected from risk treatment.
Talking about continuity evidence
evidence
English

Backup jobs are visible, but restore testing was not evidenced.

Français

Les jobs de sauvegarde sont visibles, mais le test de restauration n'a pas été démontré.

This distinguishes activity output from effectiveness evidence.
Explaining a stronger response
nonconformity
English

A strong corrective action addresses root cause, ownership, and closure evidence.

Français

Une action corrective solide traite la cause racine, la responsabilité et la preuve de clôture.

Useful when coaching teams to move beyond immediate fixes.
Clarifying ISMS scope
meeting
English

The scope includes the customer platform and support operations, but not every corporate function.

Français

Le périmètre inclut la plateforme client et les opérations de support, mais pas toutes les fonctions corporate.

Good for kickoff and audit-readiness discussions where boundaries must stay explicit.
Explaining business value
meeting
English

We pursue ISO 27001 to make security decisions repeatable, credible, and governable.

Français

Nous poursuivons l'ISO 27001 pour rendre les décisions de sécurité répétables, crédibles et pilotables.

This keeps the discussion focused on management-system value rather than only certification optics.

Browse plain and professional definitions

Information Security Management System
Système de management de la sécurité de l'information
Core concept
Plain explanation
The operating system for how a company manages information security.
Professional explanation
A structured management framework for establishing, operating, monitoring, and improving information security in context.
Example in context
In a meeting: 'Our ISMS covers the customer platform, support process, and supplier oversight.'
Risk assessment
Analyse des risques
Risk
Plain explanation
The method used to decide what could go wrong and how serious it is.
Professional explanation
A repeatable process for identifying assets, threats, vulnerabilities, likelihood, impact, and treatment priority.
Example in context
In a workshop: 'We need to refresh the risk assessment before changing the cloud architecture.'
Risk treatment
Traitement du risque
Risk
Plain explanation
The choice of what the company will do about a risk.
Professional explanation
The formal decision to mitigate, avoid, transfer, or accept evaluated risk based on criteria and business context.
Example in context
In project review: 'The risk is accepted temporarily while the mitigation project is funded.'
Statement of Applicability
Déclaration d’applicabilité
Core artifact
Plain explanation
The map showing which Annex A controls matter and why.
Professional explanation
A core ISO 27001 artifact documenting control applicability, justification, and implementation status in relation to treatment decisions.
Example in context
In audit prep: 'Let's confirm the SoA still matches our current supplier and logging decisions.'
Nonconformity
Non-conformité
Audit
Plain explanation
A proven gap between what should happen and what actually happens.
Professional explanation
An evidence-based failure against a stated requirement, expected process, or claimed control operation.
Example in context
In an audit: 'This is a nonconformity because the process exists on paper but was not followed in the sample.'
Audit evidence
Preuve d’audit
Audit
Plain explanation
The proof an auditor uses to support a conclusion.
Professional explanation
Records, observations, interviews, logs, configurations, or outputs that establish whether requirements or controls are operating as claimed.
Example in context
In a walkthrough: 'Show me the evidence for the latest access review, not only the procedure.'
Control
Mesure
Controls
Plain explanation
A safeguard chosen to reduce, detect, guide, or correct security risk.
Professional explanation
An organizational, people, physical, or technological measure selected through risk treatment and implemented with evidence.
Example in context
In design review: 'Which control will actually reduce this supplier-access risk?'
Scope
Périmètre
Core concept
Plain explanation
The boundary of what the ISMS covers.
Professional explanation
The documented boundary of the ISMS in terms of business activities, locations, assets, systems, and interfaces.
Example in context
In a kickoff: 'The scope covers the SaaS product and support operations, not every corporate service.'
Management review
Revue de direction
Governance
Plain explanation
The formal moment when leadership reviews whether the ISMS is working.
Professional explanation
A clause 9 mechanism for leadership to review performance inputs, outcomes, changes, and improvement needs of the ISMS.
Example in context
In governance: 'The management review should discuss trends, findings, and resource needs.'
Minor nonconformity
Non-conformité mineure
Audit
Plain explanation
A gap where the system exists but is not followed or evidenced consistently.
Professional explanation
A finding showing partial or localized failure without undermining confidence in the whole ISMS.
Example in context
In a close-out meeting: 'This is minor because the process exists, but the sample was incomplete.'
Major nonconformity
Non-conformité majeure
Audit
Plain explanation
A serious or systemic gap that weakens confidence in the ISMS.
Professional explanation
A significant failure showing that a core requirement or system capability is absent or materially ineffective.
Example in context
In audit review: 'This is major because there is no formal risk assessment method at all.'