NES assists you with 360° coverage of ISS

  • Drafting and adaptation of security policies
  • Mapping and Risk Analysis
  • Response to regulatory changes in the market (ANSSI-LPM, GDPR, SOx…)
  • Compliance assessment (ISO 2700X, GDPR…)
  • CISO and ISS Project Management Support (Anonymization of data, DLM…)
  • Maximum adaptability and reactivity

Our GRC service offering, created to meet your expectations and follow market evolutions (MPL, GDPR…), performs an in-depth analysis of your regulatory and business needs in terms of IT security.


An efficient ISMS and security policy covering all of your company’s activities

Security strategy & Information security master plan

Monitoring your regulatory framework with a sector-wide approach

Achieving convergence and consistency of business strategies and risk mitigation throughout the security master plan

Tactical Plan

Taking into account local specificities in the tactical plan in order to implement processes, solutions and security technologies

Performing security assessments for your business projects

Risk Management

Designing a risk appetite strategy

Identifying and listing risks (risk mapping)

Assessing and ranking risks

Drafting a remediation plan to bring residual risks under control or rule them out


Compliance audit with regard to requirements:

National and international (GDPR, LSF, RGS…)

Industrial Regulations (PCI DSS, CRBF 97-02, Basel III, Solvency II…)

French legal requirements regarding privacy and personal data (CNIL)

Internal (AQP, Cloud, PAS-F…)

An action plan to meet the high expectations of internal and external regulators

Control of security levels

Designing a permanent supervision strategy

Performing automatic permanent (or ad hoc) controls on functions, processes, technology, access rights…

Producing and computerizing IT security dashboards


Transmitting our know-how to your IT security team

Empowering your company’s IT stakeholders

Our team is ready to help you