Governance, risk and compliance – GRC
Risk-based management is at the heart of the GRC services offered for the design, development and control of information security management systems (ISMS) and security policies. Risk management provides the decision-making support needed to prioritise and implement security projects effectively. Compliance audits address regulatory obligations and industry standards. Governance provides the overarching framework within which all the other activities take place.
OUR SUPPORT FOR INFORMATION SYSTEMS:
- Define and implement your security policy and associated processes;
- Provide you with advanced cybersecurity skills to carry out all your projects successfully;
- Implement a continuous improvement process for your cybersecurity.
OUR SKILLS AREAS
- Development of a master plan;
- Design of systems and frameworks for integrating the security aspect into projects;
- Security accreditation (RGS, Directive 27, NIS/OSE, eIDAS, LPM/OIV);
- ISS documentation design;
- Creation of an ISMS (ISO 27001);
- Risk management (risk assessment and treatment) using either a standard or a bespoke methodology:
  - standards-aligned methods (consistent with ISO 27005 and ISO 31000): EBIOS 2010, EBIOS Risk Manager, MEHARI, etc.;
  - customer-specific in-house methodologies that do not follow a published standard;
- Resilience (Incident Management, BCP/DRP, Crisis Management);
- Setting up of an awareness programme;
- Organisational and physical security audit (ISO 27002, PCI DSS, SOC 2, PSD2/RTS, SWIFT, RGS, etc.);
- Data protection and classification.
RISK-BASED MANAGEMENT
IOT & PRODUCT GOVERNANCE
Governance of embedded systems
- Governance documentation (plan, policy, process, methodology) compliant with the ISO/IEC 27000 series, IEC 62443 and UNECE WP.29
- Compliance and conformity of the embedded systems environment
- Analysis of the security risks (EBIOS, TARA, TVRA, ISO 27005, IEC 62443, ISO/SAE 21434)
- Definition of the security target
- Security by design and defence in depth (UL 2900)
- Security specifications and development assistance
- Security assurance (ISO, IEC, Common Criteria)
- Vulnerability management
- Support for security certification (CSPN, standard certification, etc.)
Governance of industrial systems
- Governance documentation (plan, policy, process, methodology) compliant with IEC 62443 and UNECE WP.29
- Governance and compliance in the industrial environment (ICS, SCADA)
- LPM (French military programming law) compliance: identification of assets and mapping of security measures for OIV (operators of vital importance)
- Analysis of the security risks (EBIOS, ISO 27005 or IEC 62443)
- Security by design compliant with IEC 62443
- Industrial system security specification (special technical clauses)
- Security assurance
- Support for security certification (DR, etc.)
Governance of IoT Systems
- Identification of assets and mapping of security measures
- Governance documentation (plan, policy, process, methodology)
- Analysis of the security risks (EBIOS, TARA, TVRA, ISO/SAE 21434, UL 2900)
- Security by design and defence in depth (sensor, equipment, gateway, cloud, IS)
- Security specifications and development assistance
- Security assurance
- Vulnerability management