SPIE ICS obtains ISO 27001 certification for its cloud and managed services activity

Published on 28 May 2018

Paris, May 28th, 2018 – On the 19th of March, the cloud and managed services activity of SPIE ICS, the digital services subsidiary of the SPIE group, obtained ISO 27001 certification. This recognises the operational excellence of SPIE ICS and its information security strategy.

This certification, dedicated to information systems security, was obtained as a result of the introduction of an efficient and reliable information security management system (ISMS) within the cloud and managed services activity of SPIE ICS. For SPIE ICS customers and end users, it is a guarantee of the availability, integrity, confidentiality and traceability of their data.

ISO 27001: more than 200 security requirements

Initiated in 2017, the introduction of an ISMS required intense mobilisation of the SPIE ICS teams under the leadership of Nolwenn Le Ster, director of cloud and Internet of Things activities. Several stages were necessary: definition of the security strategy, evaluation of the risks of the cloud and managed services platform, identification of the threats and vulnerabilities, then definition of the technical and organisational measures required to minimise the risks. Governance and operational management were then established in order to meet the specifications of the ISO 27001 standard and to adopt a continuous improvement approach. This involves meeting more than 200 security requirements.

Daily monitoring

The ISO 27001 certification is the subject of consolidated monitoring. The day-to-day management of the ISMS is now based on the use of meaningful control indicators, involving both the information systems security manager (ISSM), Mathieu Bichon, and the operational and functional staff concerned.

For SPIE ICS, this certification sends a strong and positive message to its customers, who demand serious guarantees in relation to the processing and protection of data, in particular in the context of the entry into force of the general data protection regulation (GDPR). “With regard to our customers, the ISO 27001 standard is a sign of digital confidence: their data is safe with us”, points out Nolwenn Le Ster.

The drive of the management team and the involvement of all employees are fundamental to the success of such a project. It is in this dynamic that we have provided our staff with guidance and advice on best practices with regard to security and cybersecurity”, states Cédric Périer, managing director of SPIE ICS.

Contacts