What is your background?
Graduated from Brest Business School (BBS) and the University of California, I piloted various types of projects in Telecoms and IT before joining 3DS OUTSCALE.
Why did you join 3DS OUTSCALE ?
When I arrived, 3DS OUTSCALE had 30 people compared to 1,7 0 today: the “Start Up” spirit and the opportunities linked to innovation and the cloud seduced me.
What are the objectives of your mission?
3DS OUTSCALE is ISO 27001, 27018, 27017, Lucie 26000, HDS certified and SecNumCloud qualified: I am responsible for the ISMS and compliance of our practices with our information security and data protection commitments, standards and applicable regulations.
Why is compliance important?
Compliance acts on two axes:
- Competitive and commercial advantage: certification gives access to market segments locked by compliance prerequisites. It justifies the unanimously recognized quality of service.
- The structuring of the company: the certification sets a framework in the definition of the objectives of the company and conditions its strategy.
Who are the stakeholders in establishing compliance?
The whole organization is concerned, but the implementation of compliance is the initiative and the input of its general management. The effort must combine:
- A clear message;
- Objectives defined according to the standard’s reference;
- Significant commitment from senior management.
In summary, compliance is a support tool for management which makes it possible to structure the organization on a model of “business project”.
How to conceive of conformity and the standard as an investment and not a burden?
You have to take ownership of the standard. It provides a method of continuous improvement with recommendations intended to optimize company practices. It also provides managerial structuring by introducing examples of operational tools.
What is the link between risk analysis, management and business continuity?
Risk analysis provides operational information to management. It mobilizes a mosaic of people (CISO, risk owners, field agents, etc.) and benchmarks, so that management synthesizes the situation and commits the company according to the information collected. If the situation requires it, management launches a continuity plan to overcome an obstacle or manage the consequences of a crisis, disaster or major hazard.
Can you cite an example of a business whose business was saved by compliance?
In general, compliance ensures the continuity of economic activity by maintaining commercial agreements, between a supplier and a customer for example.
Do you recommend your partners to be certified on specific standards? Does your business impose it?
We demand that our data center partners be at least ISO 27001 certified. For our other partners, we are sensitive to ISO 27001 certifications, but also to the CSR approach they promote.
Do you think compliance will one day become compulsory? What is your vision for compliance and its market? Where will the standard evolve?
Compliance is already compulsory in certain areas, so it is a topical subject, and it extends to the rules of public contracts: in the context of public procurement, calls for tenders require economic operators to present a minimum degree of conformity for their offer to be selected (ISO 9001 for quality of service).
In addition, standardization bodies must avoid contradictions between standards and limit the number of players, by concentrating on harmonization work.
Compliance should not be a barrier to innovation or limit business agility.