Luc Delpha

Partner | Lead Governance, Risks & Compliance

There is no such thing as perfect security, but there is a balance for every company to find, implement and preserve. This is what we call “optimal” security. The one that allows to ensure a level of protection continuously adjusted to the real level of risks, the cyber-resilience and the performance of the company. Indeed, we believe that in this increasingly information-driven world, the control of information system security risks must be at the heart of each company’s strategy and in the foundations of each of its activities. We also believe that people, intelligence and expertise are the pillars of control. These convictions shape our approach and our daily work with the clients we support in their search for optimal security.

What we do

Risks, measures, controls. If the mantra is well known and simple on paper, its harmonious implementation is less so.
Our expertise: to help you achieve the right balance to protect your assets and activities, and to successfully implement a holistic approach to security, thanks to a pragmatic approach to risk management.
From dialogue with the business, whatever the sector of activity (industry, services, health, defense, leisure, retail, etc.) and the size of the organization, to the very operational aspects of day-to-day security, we are committed to providing long-term support and building with our clients.
In all cases, we call on the involvement of users and administrators to make people the first and last line of defense for information and associated systems.
Far from any dogmatic approach, we see compliance management as an asset, and know how to use the relevant reference systems in any context to transform constraints into opportunities.

The team

You will be accompanied by experts with certified skills and rich and varied backgrounds (integrators, hosts, end customers, business schools, engineering schools, legal experts…).
Our experts attach particular importance to staying abreast of current events and following the latest developments in their fields of expertise. Certified QSA PCI DSS, ISO 27001 Lead Implementer, Lead Auditor, ISO 27005 Risk Manager, CDPO, CISSP… they are passionate about their areas of expertise and continuously train to keep their knowledge at the state of the art.
They are also contributors to this knowledge (teaching in schools and universities, training through Almond Institute, CESIN, etc.).
Our multidisciplinary expertise allows us to deploy referent consultants supported by an agile team, which they call upon according to the skills required.

What makes the difference

Our experts attach great importance to building security with our clients, and to adopting an approach and system adapted to each structure. We offer each client elements that are specific to their context and we accompany them so that they can make them their own.
When we use models and tools, we do so sparingly, taking into account where and when they are used.
In addition, Almond is one of the few French companies certified as a “QSA Company”, which allows it to conduct PCI DSS certification audits.
Finally, whether you are an SME, ETI or multinational, our activities always meet the same watchwords: effectiveness and efficiency.

Our expertise

Flash Maturity Assessment: Identify your overall security level and improve your practices

Information security: pass your ISO 27001 certification, maintain it and improve your ISMS

Operator of Essential Services: Achieving Compliance

Security for extended organizations: assessing and improving your information security beyond the boundaries of your systems


PCI DSS: achieving compliance, achieving certification and maintaining it

SWIFT CSP: achieving your compliance

GDPR assessment: evaluate your level of compliance

GDPR compliance and DPO assistance: be prepared for the unexpected

Major incident and cyber crisis management: be prepared for the unexpected

Crisis exercise: facing the challenges of the consequences of a successful cyber attack, improving cyber resilience

Office 365: Teams and Security: leveraging the capabilities of the Office 365 digital hub without compromising on security

Cyber support dedicated to software companies: Improve your overall security level & promote a trusted service

Resilience and the health crisis: capitalizing on the lessons of the health crisis and the opportunities to increase resilience

Industrial systems security: audit your industrial information system according to industry best practices

Security audits of industrial systems: analysis of security risks related to your
industrial information system

Diagnostic Cyber, Région Grand est : Bénéficiez d’un audit subventionné à 50 % par la Région

Conformité RGPD pour les TPE/PME : Une solution clé en main avec Lord Privacy et Almond

Slide >> CONTACT US <<