Webinar January 21 at 11:30 a.m.

Anticipate and structure your NIS 2 compliance 👉

Logistics

Automate compliance and risk management for a group operating across 4 continents

How does Asendia manage cybersecurity for 15 international subsidiaries without increasing resources?

“It's definitely a huge time-saver compared to sending out an Excel spreadsheet and manually collecting responses.”

Thierry Jeanneret

Group CISO at Asendia

The challenge

Automate compliance and risk management for a group operating across 4 continents

The Asendia Group, the result of a joint venture between La Poste and Swiss Post, is one of the world leaders in e-commerce and international mail, delivering to more than 200 destinations worldwide.

‍

With more than 2,000 employees across four continents, the group manages massive volumes of personal data on a daily basis and guarantees the continuous availability of its logistics services.

‍

Thierry Jeanneret has been Group CISO at Asendia for 11 years. Based in Switzerland, he oversees the cybersecurity strategy and governance for the entire group, covering between 12 and 15 subsidiaries across four regions. The central team has only two ISS advisors—including Thierry—supported by security correspondents in each region.

‍

Asendia's cyber team operated in a fragmented manner, with disparate tools that did not communicate with each other.

Information was scattered and compartmentalized.

The reference documents were stored in Word or PDF format, and evaluations were managed using Excel, with no direct link to the action plans to be implemented.

There was a lack of coordination between risks, compliance, and actions.

The team lacked an overview to coordinate the identified risks, the existing standards, and the actions to be taken.

Lack of time and limited staff

The geographical distance between teams also complicated monitoring, reinforcing the need for clear processes and a centralized tool.

The objective

Having a single platform that allows you to manage all issues in one environment.

The solution

Why did you choose Tenacy?

Comprehensive risk and compliance coverage

‍

Responsive, high-quality support

both during demonstrations and in everyday use.

An English-speaking platform

essential for an international group such as Asendia.

Table of Contents

This is some text inside a div block.

Discover how Tenacy structures your cybersecurity

Schedule a demo

1/ Compliance: aligning standards with international benchmarks

Follow-up of 8 Golden Rules issued by the parent company (GeoPost) to comply with mandatory measures and minimize the impact of ransomware
Construction of the PSSI aligned with ISO 27001 & 27002 to enable the certification process in certain markets
Anticipating the NIS2 directive to prepare for future compliance
Management of customer requirements and evaluation of suppliers in terms of compliance

Covered objective:

Have benchmarks linked to action plans, with centralized and consistent monitoring .

‍

2/ Risks: a structured and educational analysis

Identification of major risks
Definition of business values and supporting assets
Link between risks, controls, measures, and actions

Covered objective:

Establish clear links between risks, standards, actions, measures, and controls.

" The module really provides visibility in a fairly educational way and makes it easy to manage risk analysis with the various contributors. I think interconnectivity is the strength of this tool. "
Thierry Jeanneret, Group CISO at Asendia

‍

3/ Action plans: an everyday tool

Global visibility across the entire scope
Real-time progress tracking
Automated dashboards and metrics

Covered objective:

Manage effectively by providing the second line of defense with a structured working basis, while assigning tasks to the first line.

‍

4/ Vulnerabilities: procedures integrated into the tool

Configuration of each vulnerability detected
Assigning tasks to contributors and generating action plans
Time savings compared to manual management in Excel

Covered objective:

Optimize resources and enable a small team to effectively cover a growing number of entities.

" We managed to get it adopted and implemented across all the procedures that are part of our policy. "
Thierry Jeanneret, Group CISO at Asendia

‍

5/ Reporting: an up-to-date view for all levels

Data aggregation and centralization
Real-time dashboards and reporting
Audit tracking and simplified presentations for management

Covered objective:

Dashboards tailored to each stakeholder and editable in just a few clicks.

" We saw the difference with Tenacy in terms of audit follow-up. Once we had put in place the action plan for all vulnerability-related actions, we followed up with the management board on a weekly basis. It's this kind of thing that makes follow-up much easier. "
Thierry Jeanneret, Group CISO at Asendia

‍

Centralization and automation for unified governance

Single point of entry

for all cyber governance: compliance, risks, supplier assessments, incidents, reporting.

Automation

controls, workflows, and recurring tasks.

Effective management

a growing number of entities with a limited workforce.

Ultimately, Tenacy became the operational base and sole governance tool for Asendia's cyber team, responding to specific business needs on a daily basis.

Results

Centralized and effective cyber governance

4 times faster

On risk analyses, assessments, data collection, and reporting.

"The online support with chat is very responsive and always of a high standard. That's what I appreciate; it's important and sets it apart from other solutions." Thierry Jeanneret, Group CISO

Visibility and control

A comprehensive view and better control of cyber assets.

Effectiveness

The ability to manage more entities with the same team, reducing the workload associated with manual tasks.

Conclusion

For international organizations with limited resources, Tenacy is the ideal solution for transforming fragmented management into unified, efficient, and scalable governance.

Do these issues resonate with you?

Schedule a demo

You may be interested in

Governance

Data governance: 5 tips to optimize your strategy

Regulatory obligations, data-centric organization, storage cost optimization, data monetization... whatever your company's objectives, it all comes down to data. From collection to destruction, companies are responsible for the information and data they hold. That's why it's essential to define an effective data governance strategy.

November 29, 2022

Compliance

Developing a PSI in four steps

The information system security policy (ISSP) is more than just a reference document: it represents the foundation of the strategic vision for the company's IS security. Nothing less.

April 16, 2024

Life as a CISO

ISO 27001, NIS, LPM, NIST CSF, PCI-DSS, NC: compliance in 6 acronyms

The cybersecurity industry, and particularly the field of incident response, is an environment where all kinds of acronyms flourish. It's so easy to get lost. Standards, directives, laws, processes... Let's take a look at the definitions of six acronyms commonly used in compliance that no one should be unaware of.

November 15, 2022

Regain Control of Your Cybersecurity

Schedule My Personalized Demo

30 minutes with no obligation