The purpose of this paper is to explore the operational impact of the adoption of the most
renowned norm in the field of information security: ISO/IEC 27001. We develop six research
hypotheses; three of them related to firm’s operating performance and three which shed light on
the moderating role of some contextual factors. The results indicate that the ISO/IEC 27001
certification improves the profitability and the labor productivity of the adopting firms while no
effect is recorded on sales performance. The impact appears affected by the munificence of the
industry and the level of internationalization of the firm.
