
Governance, risk and compliance – GRC

Risk-based management is at the heart of the GRC solutions offered for the design, development and control of information security management systems and policies. Risk management provides the decision-making support needed to implement security projects in an optimal way. Compliance audits address regulatory issues and standards. Governance defines a comprehensive framework for all the other activities.

OUR SUPPORT FOR INFORMATION SYSTEMS:

  • Define and implement your security policy and associated processes;
  • Provide you with advanced cybersecurity skills to carry out all your projects successfully;
  • Implement a continuous improvement process for your cybersecurity.

OUR SKILLS AREAS

  • Development of a master plan;
  • Design of systems and frameworks for integrating the security aspect into projects;
  • Security approval (RGS, Directive 27, NIS/OSE, eIDAS, LPM/OIV);
  • ISS documentation design;
  • Creation of an ISMS (ISO 27001);
  • Risk management (risk assessment and treatment) using standard methodologies:
    • Compliant with ISO 27005 and ISO 31000 standards: EBIOS 2010, EBIOS Risk Manager, Mehari, etc.
    • Not compliant with standards: based on very specific customer in-house methodologies.
  • Resilience (Incident Management, BCP/DRP, Crisis Management);
  • Setting up of an awareness programme;
  • Organisational and physical security audit (ISO 27002, PCI-DSS, SOC 2, DSP2, RTS, Swift, RGS, etc.);
  • Data protection and classification.

RISK-BASED MANAGEMENT

IOT & PRODUCT GOVERNANCE

Governance of embedded systems

  • Governance documentation (plan, policy, process, methodology) compliant with ISO 27000, IEC 62443
  • Compliance and conformity of the embedded systems environment
  • Analysis of the security risks (EBIOS, TARA, TVRA, ISO 27005, IEC 62443)
  • Definition of the security target
  • Security by design and defence in depth
  • Security specifications and development assistance
  • Security assurance (ISO, IEC, Common Criteria)
  • Vulnerability management
  • Support for security certification (CSPN, standard certification, etc.)

Governance of industrial systems

  • Governance documentation (plan, policy, process, methodology) compliant with IEC 62443
  • Governance and compliance in the industrial environment (ICS, SCADA)
  • LPM compliance in terms of asset identification and security mapping for “OIV” (operators of vital importance)
  • Analysis of the security risks (EBIOS, ISO 27005 or IEC 62443)
  • Security by design compliant with IEC 62443
  • Industrial system security specification (special technical clauses)
  • Security assurance
  • Support for security certification (DR, etc.)

Governance of IoT Systems

  • Identification of assets and mapping of security measures
  • Governance documentation (plan, policy, process, methodology)
  • Analysis of the security risks (EBIOS, TARA, TVRA)
  • Security by design and defence in depth (sensor, equipment, gateway, cloud, IS)
  • Security specifications and development assistance
  • Security assurance
  • Vulnerability management

Our teams are at your service