Nourou Dine Bajinan

Internal audit mission for ISO27001, as part of the certification project for TENNAXIA (software editor and consulting)

- Kick-off meeting: Presentation of objectives, schedule and expectations, as well as responsibilities and clarification of the scope of intervention;

- Documentary analysis: Review of existing documents related to the ISMS;

- Stakeholder interviews: discussion with the managers and key players of the ISMS to understand their processes and information security needs.

- Analysis of existing security measures: Evaluation of security controls in place to determine their effectiveness and adequacy to ISO27001 requirements;

- Identification of gaps;

- Formulation of specific and pragmatic recommendations to strengthen the ISMS and achieve ISO 27001 certification;

- Closing meeting;

- Finalization of the report after incorporating feedback and comments from the client during the closing meeting;

• Security support mission for projects (ISP) within SOGECAP (Société Générale Assurances)

- Security support for business projects using risk analysis by identifying business stakes, security requirements, associated action plans, and assessing residual risks

- Analysis of application sensitivity and creation of security files,

- Monitoring audit results for applications, third parties (partners, delegates, suppliers, ...), and physical sites, conducted by another department or by the department itself, integrating identified vulnerabilities into risk analyses and monitoring associated remediation action plans

- Control of application security level

- Security in contracts with suppliers

- Management of derogation/exception requests,

- Internal committees.

- Security integration in projects: Risk analysis, formalization of security requirements to reduce risks identified against internal policies, monitoring the implementation of security requirements.

- Security in contracts with suppliers

- Management of security requests and approvals, internal committees.