
Regulated Information Systems (NIS1/NIS2, LPM)

Through a controlled and regulated system, an organization can demonstrate its commitment to protecting the information systems (IS) that are vital, essential or important to the functioning of the nation.


Several thousand companies and organizations in France are affected by national (LPM, Loi de Programmation Militaire) and European (NIS1/NIS2) regulations, from small companies to major accounts and public bodies (administrations, local authorities, etc.).
NIS 2 Directive: what will change for French companies and public authorities | Agence nationale de la sécurité des systèmes d’information (ssi.gouv.fr)

Bring information systems’ cybersecurity into line with national and European regulations

Formind implements a tailored approach to guarantee IS compliance with national regulations (Military Programming Law (LPM), Inter-ministerial Instruction concerning sensitive and restricted IS (II901), etc.) and European regulations (Network and Information Security 1 and 2 (NIS1 and NIS2)).

The first step is to determine the applicability of the regulations to each IS (which regulations, for which IS?), and then define a “proportionate” and sustainable approach.

This approach is developed by considering the multidimensional aspects of the IS: business, organization, budgets, teams, techniques, etc. Drawing on the skills, expertise and services it has built up since 2010, Formind proposes an offer organized along several axes, each of which can stand on its own:

  1. “Opportunity study”,
  2. “Gap analysis and feasibility study”,
  3. “Definition of a Compliance Strategy”,
  4. “Compliance management and monitoring”

The mindset is to define clear, achievable objectives. They will determine a strategy including organizational and technical measures to maintain the Information System’s cybersecurity at the required level over the long term.

A 4-pronged approach

Opportunity study

This service enables you to check which regulations apply to which entity or IS, and which security standards apply.

Gap analysis/Audit and feasibility study

The aim is to establish the status/level of compliance of the entity and its IS with respect to regulations, to assess risks in order to define clear and achievable security objectives, and to determine feasibility according to various constraints.

Compliance strategy

Once the security objectives are known, a strategy is defined. The aim is also to ensure that risks are reduced in line with the agreed objectives, by means of organizational/technical measures.

Compliance monitoring and control

This involves steering actions to maintain compliance, and ensuring that risks are controlled in line with objectives.

An approach tailored to business constraints

A pragmatic approach tailored to business constraints

The types and sizes of companies subject to these regulations vary. IS also carry different risks. The key is to adopt pragmatic approaches.

Knowledge of SMEs and large groups

Knowledge of IS issues for organizations of all sizes, from small and medium companies to major accounts

A full range of expertise

A multi-regulatory vision: GDPR, NIS1/NIS2, LPM, DORA, etc.

PASSI, PRIS and PACS qualifications (coming soon)

Varied IS practice: IT, OT, etc. in different sectors

Experience in various sectors: insurance, banking, energy, industry, defense, etc.

FAQ

What is a “SIR”?

A SIR (regulated information system) is an IS subject to national or European regulations.

Who is NIS2 for?

Any entity delivering an Essential or Important service for the nation: in other words, several thousand companies in 18 business sectors, from small and medium companies to CAC 40 companies.

What is proportionality?

It's a question of designing security systems in line with the risks and constraints of the entity concerned.

Which regulations are addressed by the Formind offer?

NIS1, NIS2, LPM, II901, IGI1300...
https://cyber.gouv.fr/la-directive-nis-2
https://cyber.gouv.fr/le-dispositif-saiv
https://www.legifrance.gouv.fr/codes/section_lc/LEGITEXT000006071307/LEGISCTA000028342645
https://www.legifrance.gouv.fr/codes/section_lc/LEGITEXT000006071307/LEGISCTA000030407669
https://www.legifrance.gouv.fr/loda/id/JORFTEXT000030405967
https://cyber.gouv.fr/les-regles-de-securite

What is a homologation?

It is a formal system for controlling risks on an IS.
https://cyber.gouv.fr/publications/lhomologation-de-securite-en-neuf-etapes-simples
