Services
x

Rethinking Your ISMS and Governance to Turn Cybersecurity into a Business Driver

How Onet Turned Complex Governance into a Competitive Advantage
“Tenacy has enabled us to roll out the BU SMSI much more quickly and to become more mature.”
Hervé Comes
Group Chief Information Security Officer at Onet
The challenge
Managing the cybersecurity governance of a multiservice giant

A family-owned company with over 160 years of history, Onet employs more than 85,000 people. With a decentralized structure consisting of autonomous subsidiaries, this leader in multiservice solutions faces growing complexity in the area of cybersecurity.

Since joining the company in 2022, Hervé Comes (CISO) has been tasked with driving the group’s cybersecurity strategy and supporting business units in their digital transformation, working with a central team and a network of representatives in France and abroad. Working alongside him, Marion Borne (PMO) coordinates and oversees day-to-day operations. Together, they face three major challenges.

  • Manage the surge in customer requirements and increasingly detailed security questionnaires during the pre-sales phase.
  • Move away from Excel and the "homemade" tools that made overall management impossible.
  • Strengthen organizational structure (WSIS) to turn cybersecurity into a competitive advantage (particularly by obtaining ISO 27001 certification) and prepare for NIS 2.
Compliance
Move beyond a theoretical approach to develop a concrete ISMS that is aligned with ISO 27001 and anticipates NIS 2.
Governance
Centralize the management of a decentralized network of cyber correspondents to eliminate siloed management.
Differentiation
Innovate, improve efficiency and modernize to gain a competitive edge.
The objective
Establish a people-centered and pragmatic governance framework to support the group’s digital transformation and turn cybersecurity into a true business driver.
The solution

Why did you choose Tenacy?

Multi-compliance

A single platform for managing regulatory certifications (ISO 27001, NIS 2, GDPR, ISO 901) and ensuring the level of compliance required by clients (Air Cyber, AI Act).

Centralization and automation

A unified interface for managing risks, compliance, and improvement plans, as well as automating assessment campaigns.

Support

Close collaboration to develop the GRC strategy even before technical deployment.

Table of Contents
Discover how Tenacy structures your cybersecurity
Schedule a demo

1/ Accelerate ISO 27001 certification

Faced with a major audit scheduled within six months, the cybersecurity team decided to rise to the challenge by leveraging Tenacy to centralize an ISMS that had previously been fragmented. In just three weeks, a detailed assessment of the group’s maturity level was delivered. The platform also helped demonstrate Onet’s commitment to continuous improvement, which was praised by the auditor.

Covered objective: ‍

To demonstrate to the auditor that the subject matter was well understood, that cybersecurity was well-structured, and that the organization was committed to a process of continuous improvement, thereby ensuring the successful attainment of certification.

“Without Tenacy, we would have faced three major non-conformities. The tool was instrumental in demonstrating to the auditor that our approach was structured and sustainable, even within a short timeframe.”
Hervé Comes, Group CISO at Onet

{{cta-lead-magnet}}

2/ Moving beyond craftsmanship to manage a decentralized network

Manually tracking more than 600 suppliers and autonomous subsidiaries created constant operational noise.
With Tenacy, the PSSI Group was able to translate its security policy into concrete actions through automated assessment campaigns. As a result, the CISO no longer has to collect evidence via Excel; instead, they have real-time analytical visibility.

Covered objective:

Move away fromExcel and a multitude of disparate tools and files in order to unify the group’s cybersecurity governance.

3/ Bring together different business units and improve governance

The implementation of the solution led to the creation of a dedicated GRC unit. By integrating the tools used by the CISO and the DPO into a single interface accessible to business stakeholders, cybersecurity has become a collective effort. Every action is tracked and recognized, facilitating the adoption of cybersecurity practices at all levels of the organization.

“We’ve built a true cyber community, with dedicated and recognized business representatives.”
Hervé Comes, Group CISO at Onet

Covered objective:

Break downthe silos between support functions and business units to enable cross-functional governance.

4/ Turn digital into a competitive advantage

Tenacy enables Onet to precisely meet growing customer demands, turning compliance into a key selling point. Through customized dashboards, the company also aims to quantify the financial impact of cybersecurity (risks avoided, contracts won, etc.).

“Cybersecurity has become a major focus in the business world because it adds value. I can’t imagine CISO’s reporting to senior management on strategic issues without a platform like Tenacy.”
– Hervé Comes, Group CISO at Onet

Covered objective:

‍Promotecybersecurity as a competitive advantage and a direct driver of innovation within the group.

Results

The results

360-degree visibility into the organization’s cybersecurity.

“Tenacy has enabled us to accelerate the WSIS implementation across our business units and achieve greater maturity.” – Hervé Comes, Group CISO at Onet
“Tenacy lets us perform analytics, something I was unable to do before. We can finally ensure proper follow-up, with automatic reminders and requests for proof.” – Hervé Comes, Group CISO at Onet

Operational time savings through centralization and automation,

providing concrete performance metrics to present to the Executive Committee.

A new driver of business growth,

using cybersecurity as a selling point.
Conclusion
The Onet case study demonstrates how a complex organization can expedite its ISO 27001 certification while turning its cybersecurity governance into a true competitive advantage.
Do these issues resonate with you?
Schedule a demo
Other articles

You may be interested in

CESIN Barometer 2026: analysis of cyber threats and cybersecurity trends in France
News
CESIN Barometer 2026: analysis of cyber threats and cybersecurity trends in France

The CESIN 2026 barometer reveals a paradoxical trend in corporate cybersecurity: while the number of significant cyberattacks is decreasing, their consequences are becoming considerably more severe.

This annual study by the Club des Experts de la Sécurité de l'Information et du Numérique (Club of Information and Digital Security Experts) is an essential reference for understanding the evolution of cyber threats in France.

January 29, 2026
Cyber Resilience Act: everything you need to know about the new European regulation
Compliance
Cyber Resilience Act: everything you need to know about the new European regulation

The purpose of this article is to provide you with a clear and practical overview of the Cyber Resilience Act.

At the end of the document, you will also find advice on how to structure your approach and facilitate compliance.

January 27, 2026
Data governance: 5 tips to optimize your strategy
Governance
Data governance: 5 tips to optimize your strategy

Regulatory obligations, data-centric organization, storage cost optimization, data monetization... whatever your company's objectives, it all comes down to data. From collection to destruction, companies are responsible for the information and data they hold. That's why it's essential to define an effective data governance strategy.

November 29, 2022

Regain Control of Your Cybersecurity

Schedule My Personalized Demo
30 minutes with no obligation