Luc Delpha

Partner | Lead Governance, Risks & Compliance


#Activator

There is no such thing as perfect security, but there is a balance for every company to find, implement and preserve. This is what we call “optimal” security: the kind that ensures a level of protection continuously adjusted to the real level of risk, the cyber-resilience and the performance of the company. Indeed, we believe that in this increasingly information-driven world, the control of information system security risks must be at the heart of each company’s strategy and in the foundations of each of its activities. We also believe that people, intelligence and expertise are the pillars of control. These convictions shape our approach and our daily work with the clients we support in their search for optimal security.

What we do

Risks, measures, controls. If the mantra is well known and simple on paper, its harmonious implementation is less so.

Our expertise: to help you achieve the right balance to protect your assets and activities, and to successfully implement a holistic approach to security, thanks to a pragmatic approach to risk management.

From dialogue with the business, whatever the sector of activity (industry, services, health, defense, leisure, retail, etc.) and the size of the organization, to the very operational aspects of day-to-day security, we are committed to providing long-term support and building with our clients.

In all cases, we call on the involvement of users and administrators to make people the first and last line of defense for information and associated systems.

Far from any dogmatic approach, we see compliance management as an asset, and know how to use the relevant reference systems in any context to transform constraints into opportunities.

The team

You will be accompanied by experts with certified skills and rich and varied backgrounds (integrators, hosts, end customers, business schools, engineering schools, legal experts…).
Our experts attach particular importance to staying abreast of current events and following the latest developments in their fields of expertise. Certified QSA PCI DSS, ISO 27001 Lead Implementer, Lead Auditor, ISO 27005 Risk Manager, CDPO, CISSP… they are passionate about their areas of expertise and continuously train to keep their knowledge at the state of the art.
They are also contributors to this knowledge (teaching in schools and universities, training through Almond Institute, CESIN, etc.).
Our multidisciplinary expertise allows us to deploy referent consultants supported by an agile team, which they call upon according to the skills required.

What makes the difference

Our experts attach great importance to building security with our clients, and to adopting an approach and system adapted to each structure. We offer each client elements that are specific to their context and we accompany them so that they can make them their own.

When we use models and tools, we do so sparingly, taking into account where and when they are used.

In addition, Almond is one of the few French companies certified as a “QSA Company”, which allows it to conduct PCI DSS certification audits.

Finally, whether you are an SME, a mid-sized company (ETI) or a multinational, our work always follows the same watchwords: effectiveness and efficiency.

Our expertise

Cybersecurity Assessment: the first cyber-risk analysis of your information system

Flash Maturity Assessment: Identify your overall security level and improve your practices

Information security: pass your ISO 27001 certification, maintain it and improve your ISMS

Operator of Essential Services: Achieving Compliance

GDPR compliance and DPO assistance: be prepared for the unexpected

GDPR assessment: evaluate your level of compliance

Security for extended organizations: assessing and improving your information security beyond the boundaries of your systems

PCI DSS: achieving compliance, achieving certification and maintaining it

SWIFT CSP: achieving compliance

Crisis exercise: facing the challenges of the consequences of a successful cyber attack, improving cyber resilience

Major incident and cyber crisis management: be prepared for the unexpected

Office 365: Teams and Security: leveraging the capabilities of the Office 365 digital hub without compromising on security

Resilience and the health crisis: capitalizing on the lessons of the health crisis and the opportunities to increase resilience

Industrial systems security: audit your industrial information system according to industry best practices

Industrial information systems security audits: security risk analysis of your industrial information system
