Cybersecurity of information systems

Our IT security experts provide support to companies of all sizes to guarantee the security of their structure.

SERMA covers all IT security issues regardless of your application system (IT, IoT, industrial, etc.)

Risk and Compliance Governance

Compliance and assessment of IT security issues

  • Understanding and identifying business processes
  • Assessment and diagnosis of the security level
  • Compliance with existing security standards (ISO 2700X, NIS2, LPM, RGPD, etc.)
  • Organisational audit
  • Risk analysis
  • Implementation of processes and documentation (PSSI, PAS, etc.) aimed at raising the security level of the system, including resilience (crisis management, incident management, business continuity and recovery plan, etc.)
  • Cyber-Defence diagnosis and France
  • Relaunch cyber-security course
  • Awareness raising

IT security audit

Assessment of the risk level of systems,
infrastructure, applications, Wifi

  • PASSI qualified audits
  • Penetration testing – Infrastructure (black box, white box, grey box, DSP2 …)
  • Penetration test – Application
  • Red Team
  • Configuration audit
  • Architecture audit (On-Premise and Cloud)
  • Source code audit
  • Audit, support and monitoring of suppliers (ISO/IEC)
  • Technical systems audit
  • Phishing campaign
  • Vulnerability analysis and identification
  • Remediation and hardening
  • Reverse Engineering

Integration of security solutions

Implementation of
of security solutions

Audit, study and advice

  • Architecture and configuration audit;
  • Study and proposal of technical solutions;
  • Technical comparisons and POC of solutions;
  • Drafting of summary documents;
  • Support in the evaluation of RFP and
  • AO responses.

Solution integration and technical expertise

  • Design and conception of architectures in the client context following good security practices;
  • Technical documentation: DAT, DI, DR, DEX;
  • Pilot / Deployment / Migration / Production start-up;
  • Transfer of competence;
  • Specific technical expertise.

Support, maintenance and helpdesk

  • Solution support
  • Maintenance
  • Technical Assistance Service (TAS)
  • Periodic verification
  • Technology watch
  • Evolution

Security Operation Center

Setting up an SOC to detect in real time
and protect you from cybersecurity threats


  • Cybersecurity watch;
  • Tailor-made detection scenarios adapted to the client environment;
  • Vulnerability scans to identify the level of exposure to malicious acts;
  • Outsourcing of network security equipment, mainly Palo Alto, Check Point and Cisco firewalls.


  • Deployment of a detection platform (SIEM) in order to monitor in real time, detect, qualify and carry out investigations in the event of a proven threat leading to a security incident. On-Premise or Cloud deployment on dedicated or shared architecture;
  • Mastery of numerous SIEM solutions such as Microsoft Azure Sentinel, Splunk, Qradar;
  • 24/7 detection service.

Incident response

  • Intervention, remotely or on site, to contain the ongoing threat and eradicate the risk;
  • Investigation to understand where the threat is coming from and how it is spreading.


  • Support for data recovery;
  • Remediation plan;
  • Verification of return to normal operations.