Mutual insurance companies and insurance companies
x

Maintain and extend ISO 27001 certification to other sites

How did the Henner Group simplify its compliance management?
"The platform saves us a significant amount of time, and the centralization of data is invaluable."
Antoine Bajolet
CISO at Groupe Henner
The challenge
Overseeing ISO 27001 compliance for several international sites

In a highly regulated insurance sector, which aims to protect policyholders and guarantee the protection of their personal data, the Henner Group develops and operates innovative personal insurance solutions internationally.

‍

With an SSI team of four people, the rapidly growing group obtained ISO 27001 certification for its French sites and its Lisbon site. The challenge was to manage the process and accelerate compliance at its other sites.

Effectively maintaining ISO 27001 certification
already obtained on the sites in France and Lisbon
Multi-site compliance
Ensure compliance of new international sites.
Automation
Centralize data and save time every day.
The objective
Certify compliance with regulatory requirements regarding personal data protection and information system security, and streamline cybersecurity management processes.
The solution

Why did you choose Tenacy?

Organizational Mapping

Acomprehensive model where each entity is represented with its own security score.

ISO 27001 management

Anintegrated framework broken down into operational measures, action plans, and indicators that simplify management.

Automated workflows

Acompliance level that changes with each action, with a score that is automatically adjusted.

Table of Contents
Discover how Tenacy structures your cybersecurity
Schedule a demo

1/ Centralize to gain visibility and productivity

By centralizing all its cybersecurity-related information in Tenacy, the SSI team was able to benefit from a 360° view, which could be shared with all stakeholders using dashboards created in just a few clicks.

This made it possible to monitor all cyber indicators in real time and save considerable time byautomating tasks and generating reports.

Covered objective:

Optimize visibility into the group's cybersecurity and eliminate time-consuming tasks.

‍

2/ Rely on cyber standards to drive multi-compliance

The ISO 27001 standard was one of the cyber security frameworks available in the Tenacy catalog, easily deployable on a site requiring security. For each measure in the framework, the security measures to be applied, recurring tasks, and monitoring indicators were pre-configured.

With Tenacy's organizational modeling feature, the Henner Group was able to apply and monitor each element of the ISO 27001 standard across its various sites requiring security measures.

Covered objective:

Simplify ISO 27001 maintenance and save time on compliance for new sites.

‍

3/ Simplify collaboration to strengthen cybersecurity management

By eliminating manual processes related to Excel files, the Henner Group has reduced the risk of errors and simplified its compliance management.

SSI teams now rely on a single platform: they can easily collaborate with all stakeholders, track assigned tasks, and record results in a centralized location.

Covered objective:

Optimized cyber management for better-protected organizations.

‍

Results

Industrialized compliance management

Considerable time savings

on dashboard production.
A new goal: the removal of all Excel files.

Reliable, centralized data

with real-time tracking of evidence and actions reported.

Simplified collaboration

between the SSI team and stakeholders.
Conclusion
The case of the Henner Group shows how a complex organization can maintain its certifications and simplify compliance for different sites internationally while strengthening its cyber governance.
Do these issues resonate with you?
Schedule a demo
Other articles

You may be interested in

Data governance: 5 tips to optimize your strategy
Governance
Data governance: 5 tips to optimize your strategy

Regulatory obligations, data-centric organization, storage cost optimization, data monetization... whatever your company's objectives, it all comes down to data. From collection to destruction, companies are responsible for the information and data they hold. That's why it's essential to define an effective data governance strategy.

November 29, 2022
Developing a PSI in four steps
Compliance
Developing a PSI in four steps

The information system security policy (ISSP) is more than just a reference document: it represents the foundation of the strategic vision for the company's IS security. Nothing less.

April 16, 2024
ISO 27001, NIS, LPM, NIST CSF, PCI-DSS, NC: compliance in 6 acronyms
Life as a CISO
ISO 27001, NIS, LPM, NIST CSF, PCI-DSS, NC: compliance in 6 acronyms

The cybersecurity industry, and particularly the field of incident response, is an environment where all kinds of acronyms flourish. It's so easy to get lost. Standards, directives, laws, processes... Let's take a look at the definitions of six acronyms commonly used in compliance that no one should be unaware of.

November 15, 2022

Regain Control of Your Cybersecurity

Schedule My Personalized Demo
30 minutes with no obligation