Standards & Directives

Our certifications

ISO 27001

The ISO 27001 standard is an international framework for implementing an information security management system (ISMS). It defines the requirements for protecting information against threats and risks.

The advantages of ISO 27001 certification are numerous:

  • Improved information security.
  • Improved stakeholder trust.
  • Improved regulatory compliance.

The ISO 27001 standard is an important tool for organizations of all sizes and in all industries. It helps protect information against cyberattacks and data breaches.


NIS 2

The NIS 2 directive is a new European regulation that strengthens the security of information systems. It applies to operators of essential services and digital service providers, and imposes stricter requirements on risk management, incident reporting and cooperation with authorities.

In summary, NIS 2 aims to:

  • Protect critical infrastructure and personal data.
  • Strengthen the security of information systems in the EU.
  • Improve cooperation between the competent authorities of the Member States.

PCI DSS

PCI DSS is a set of data security standards that apply to organizations that store, process, or transmit payment cardholder data. It aims to protect cardholder data from cyberattacks and data breaches.

Organizations that comply with PCI DSS implement security measures such as deploying firewalls, encrypting sensitive data, enforcing access controls, and training employees in security best practices.

PCI DSS compliance is essential to protect cardholder data and comply with regulatory requirements.


MICA

The MICA standard is a European regulation that governs crypto-assets. It aims to protect investors, prevent market abuse and fight financial crime.

The main provisions of the MICA standard are as follows:

  • Crypto-asset service providers (PSCA) will be subject to a mandatory authorization regime.
  • Stablecoin issuers will have to meet strict liquidity, reserve and governance requirements.
  • Investors in crypto-assets will be better protected against scams and fraud.
  • PSCAs will have to put in place measures to combat money laundering and the financing of terrorism.

SecNumCloud

The SecNumCloud standard is a French certification that attests to the level of security of the cloud services offered by a service provider.

It is based on the ISO 27001 standard and covers the following areas: security of infrastructures, applications, data, operations and human resources.

The benefits of SecNumCloud certification are numerous, including reducing the risk of cyberattacks and gaining trust from customers and partners.

In summary, the SecNumCloud standard is a cloud services security certification that is based on the ISO 27001 standard and helps reduce the risks of cyberattacks and gain the trust of customers and partners.


ANS obligations for ENS

Digital Health Companies (ENS) wishing to certify their teleconsultation solution must go through a process of evaluating the conformity of that solution with requirements relating to information systems security. In particular, an intrusion (penetration) test of the candidate solution is required.

The auditor then fills out a form that sets the scope of the test and certifies the results obtained. This form constitutes the proof required for certification of conformity to the interoperability, security and ethics framework for teleconsultation information systems.

The intrusion test must be carried out by an audit service provider at the request of the publisher. To guarantee the skills of the selected audit service provider, and thus the fairness of the process, the publisher is required to use a qualified information systems security audit service provider (PASSI).

ISO 19011

ISO 19011 is an international standard that provides guidelines for auditing management systems. It is published by the International Organization for Standardization (ISO).

The main objective of the ISO 19011 standard is to provide guidelines for auditing management systems in order to:

  • Improve the efficiency of management systems.
  • Provide assurance to interested parties that management systems comply with established requirements.
  • Provide a basis for the exchange of information between auditors.

To obtain ISO 19011 certification, an organization must have its management system audited by an accredited certification body. If the audit is successful, the certification body will issue the organization with an ISO 19011 certificate.


RGS

The General Security Reference (RGS) is a French standard which defines the security requirements for the information systems of administrative authorities.

The RGS aims to protect the personal data of citizens and to guarantee the proper functioning of public services. It applies to all information systems of administrative authorities, whether internal or external, central or decentralized.

The RGS is based on six fundamental principles:

  • Integrity: information must be accurate and complete.
  • Confidentiality: information must be accessible only to authorized persons.
  • Authenticity: the origin of information must be verifiable.
  • Availability: information must be accessible when needed.
  • Traceability: actions carried out on information must be traceable.
  • Resilience: information systems must be able to withstand security incidents.

CYBERSCORE

Cyberscore is a French measure which aims to improve the cybersecurity of digital services. Platforms that meet certain criteria must display a score of 0 to 5, reflecting their level of security. Cyberscore is expected to have several benefits, but there are also potential downsides.

Here are the main advantages of Cyberscore:

  • Increased cybersecurity awareness among consumers.
  • Improved cybersecurity for all platforms.
  • Reduction of the risk of cybercrime.

DORA

DORA is a European regulation that requires financial entities to put in place a governance and internal control framework for the management of ICT-related risks. It applies to banks, insurance companies, asset managers, payment service providers and other financial entities designated by supervisory authorities.

DORA aims to improve the resilience of financial entities to cyberattacks and other ICT-related incidents. It should help protect customers of financial entities and strengthen confidence in the EU financial system.