For Information Security, there are neither too small businesses, nor obviously too large ones. It is a business objective and responsibility to protect its own informations (data) which seems obvious. But it should also take care of informations for third parties of which it has custody : employees, customers, suppliers, contractors, public agencies ... MYO Consult way of working is to be adaptive to its customer size, and to provide a pragmatic approach. ISO 27000 norm has been a guidance to build a proprietary methodology for analysing/auditing an Information System Security (for digital and paper datas) : ASSISE® ASSISE®  (Audit de Sécurité du Système d’Information et de Son Environnement : Security Audit of the Information System and its Environmental Surroundings) cover the following items : Environment - Legal - Physical Security - Physical - Logical - Applications - Operations Access and communications - IT Accesses - Network - Exchange Information Management : - Data classification Consulting and Training in Information Security Consulting