The project

3. Looking

Risk analysis and ISS compliance

Our service was provided within a department dedicated to risk management and compliance of sensitive IS.
More specifically, it focuses on ISS expertise and involves:

  • Assessing the combined compliance of sensitive IS with II 901, GDPR, PPST and export rules;
  • Conducting risk analyses on these IS based on the EBIOS 2010 methodology;
  • Supporting IS managers in the implementation of corrective measures;
  • Improving the process in place, the tools, and training the junior consultants.

Keys to success

1. Our security expertise and an understanding of the challenges of sensitive IS.
2. Our ability to interact with the managers of a wide range of IS.
3. Familiarity with legal frameworks (exports, privacy, national defence).
4. Our ability to provide feedback to decision-making bodies (CSO, CISO, export control).
5. Streamlining of reference systems and industrialization of tools.