Transportation
x

Accelerating multi-compliance cyber security in the aviation sector

How did Air Caraïbes' CISO restructure cybersecurity management to increase productivity with Tenacy?
“Tenacy helped us to understand the challenges we faced, and also to justify our budget requests.”
Jean-Michel Pater
CISO at Air Caraïbes
The challenge
Increase productivity and accelerate multi-compliance in the aerospace sector

A member of the French Dubreuil family group, which specializes in transportation, real estate, and hospitality, Air Caraïbes serves more than 20 destinations around the world.

Jean-Michel Pater, CISO, is responsible for all IT issues with a small team, whose tasks range from day-to-day IT management to maintaining optimal cybersecurity.

" Under regulations, and in particular the 3CF, numerous requirements are imposed and require the implementation of specific actions that can quickly become time-consuming, such as data recovery or action plans. "
Jean-Michel Pater, CISO at Air Caraïbes
Productivity
Save time for a small team.
Multi-compliance
Monitor compliance with multiple standards, particularly 3CF.
Governance
Gain visibility and optimize cyber management.
The objective
Simplify and accelerate compliance as standards multiply, and unite the organization around a single platform to restructure cybersecurity management.
The solution

Why did you choose Tenacy?

Workflow automation

+20 native connectors to automate data collection.

Cyber management

Action plans, dashboards, and reports generated in just a few clicks.

Optimized Multi-Compliance

Standardsmapped in the platform and kept up to date to track and manage multi-compliance.

Table of Contents
Discover how Tenacy structures your cybersecurity
Schedule a demo

1/ Centralize and automate data collection

In order to manage cybersecurity under the best possible conditions, Air Caraïbes' CISO needed more than just a compliance monitoring tool: he needed to be able to automate the collection of cyber data via native connectors or the implementation of push APIs.

Thanks to Microsoft Azure AD, Defender, and PingCastle connectors, Tenacy made this possible: data, audit reports, and action plans could be implemented directly in the platform.

Covered objective:

Centralize reliable and actionable cyber data .

" Being able to rely on a solution that brings together all the necessary monitoring elements (dashboards, reports, action plans) in one place is a real plus for a team like ours. No more Excel spreadsheets! "
Jean-Michel Pater, CISO at Air Caraïbes

2/ Gain visibility and accelerate multi-compliance

Multiple regulations, including the French Cyber Compliance Framework (3CF), imposed numerous requirements on the group. These required the implementation of specific, particularly time-consuming actions, such as data recovery and action plans.

With Tenacy, Air Caraïbes was able to gain a comprehensive overview of its cybersecurity posture and track the impact of an action on compliance with multiple standards simultaneously.

Covered objective:

Manage multi-compliance cyber without wasting time.

3/ Rely on expert deployment

To enable team members to focus on value-added tasks, Air Caraïbes chose to delegate the deployment of the solution (data recovery, integration of repositories, etc.) to Tenacy as part of its Professional Services.

Experts were present at every stage to enable the organization to make a successful transition without spending hours on it.

Covered objective:

Deploy a cyber GRC platform without disrupting an entire organization.

4/ Prove cyber impact and strengthen credibility

In addition to its collaborative nature and effectiveness in cybersecurity governance, Tenacy played an important role with the senior management of Air Caraïbes and that of its majority shareholder, the Dubreuil Group.

The teams were able to use the platform to easily generate dashboards and reports tailored to different stakeholders.

Covered objective:

Structure cybersecurity and demonstrate its business impact.

"Tenacy enabled us to convey the challenges we faced, but also to justify our budget requests. "
Jean-Michel Pater, Chief Information Security Officer at Air Caraïbes

Results

Stakeholders involved in the company's cybersecurity projects

Time savings

on 3CF compliance.
"For the teams, it's a great way to see the positive impact their work has on strengthening our security." Jean-Michel Pater, CISO at Air Caraïbes

47 independent contributors

on the platform in one year (SSI team members, business departments, senior management).

Global and shared visibility

on audits, analyses, security status.
Conclusion
The Air Caraïbes case study illustrates how an airline facing multiple IT challenges can restructure its cyber governance, simplify multi-compliance, and unite the entire organization around a common vision.
Do these issues resonate with you?
Schedule a demo
Other articles

You may be interested in

Data governance: 5 tips to optimize your strategy
Governance
Data governance: 5 tips to optimize your strategy

Regulatory obligations, data-centric organization, storage cost optimization, data monetization... whatever your company's objectives, it all comes down to data. From collection to destruction, companies are responsible for the information and data they hold. That's why it's essential to define an effective data governance strategy.

November 29, 2022
Developing a PSI in four steps
Compliance
Developing a PSI in four steps

The information system security policy (ISSP) is more than just a reference document: it represents the foundation of the strategic vision for the company's IS security. Nothing less.

April 16, 2024
ISO 27001, NIS, LPM, NIST CSF, PCI-DSS, NC: compliance in 6 acronyms
Life as a CISO
ISO 27001, NIS, LPM, NIST CSF, PCI-DSS, NC: compliance in 6 acronyms

The cybersecurity industry, and particularly the field of incident response, is an environment where all kinds of acronyms flourish. It's so easy to get lost. Standards, directives, laws, processes... Let's take a look at the definitions of six acronyms commonly used in compliance that no one should be unaware of.

November 15, 2022

Regain Control of Your Cybersecurity

Schedule My Personalized Demo
30 minutes with no obligation