Team


Francois LOREK

Associate Director


François has long worked in digital technology consulting, where he measured the regulatory issues of compliance, particularly applied to the digital world.

For TRAX, it carries the vision, validates the commercial offer and guarantees the quality of the services.

  • Associate Director of TRAX
  • Expert in Integrated Management Systems and Cyber-Risks
  • More than 50 ISO 27001 audit missions (350 days of certification audit, including ISO 27001 since 2008),>
  • INSA Engineer
  • Expert in standardization AFNOR and ISO, member of the standards committees:
    • ISO SC27
    • CN SSI (ISO 27001)
    • CN IQLS (ISO 20000-1)
  • Vice-convener WG4 (Security Controls and Services Working Group) and member of the French delegation to ISO/JTC1/SC27

Ronan THE GOFF

Associate Director


Ronan has worked for a long time in the expertise of intangible and financial risks. Convinced of the levers of compliance in responding to cyber risks, he created TRAX with François Lorek to offer solutions for anticipating, processing and modeling digital risks.

  • President and Associate Director of TRAX
  • 30 years in business consulting
  • Founding member of the K2 Circle (risk management)
  • European expert FUEDI-CEA
  • MS Audencia Business School

Expert member of AFNOR standards commissions:

  • “Governance of Organizations” (ISO 37001)
  • “Security and Resilience” (ISO Activity Continuity 22301)

Vincent FREMONT

Senior Advisor


Vincent has managed a service company established in 8 European countries for 25 years. Convinced of the challenges of digital compliance and their impact sur la gouvernance des entreprises, il accompagne François Lorek et Ronan Le Goff pour structurer Trax et relever les défis de l’amélioration continue.

  • Senior Adviser de TRAX
  • 30 years of experience in a corporate governance
  • Labour Court
  • MS Audencia Business School

Matthieu BRIOTTET

Head of IT Expertise


Successively systems engineer, director of information systems and then expert RGPD and HDS (CNIL), Matthieu has logically evolved his path towards compliance and auditing.

For TRAX, he assists clients in their digital compliance process (audit, training and advice) and as an external DPO or CISO.

  • GDPR expert on data protection
  • Expert in Information security and HDS Management Systems (ISO 27001 and HDS) and data and privacy protection (ISO 27701)
  • AFNOR Certification Auditor on ISO 27001, 27701 and HDS
  • Responsible for the security of external information systems (RSSI), Delegate for Data Protection (external) and Itability and Freedoms Correspondent (CIL): construction of treatment registers, risk analysis, drafting of procedures and policies RGPD , Privacy Impact Studies (EIVP/DPIA)
  • Engineer at CNIL serving technological expertise for the investigation of HDS authorization files, participation in the development of the Privacy Impact Assessment (PIA) software and the animation of the CNIL PIA workshops
  • Specialized Master’s degree In Personal Data Management and Protection (ISEP – 2018)
  • Master 2 Computer Methods Applied to Management (University Lyon 1 – 2006)

Qualified third-party auditor on ISO 27001, 27701 and HDS by AFNOR Certification and certified Lead Auditor ISO 27001 (2018)

  • Expert member of the AFNOR Standardization Committee :
    • “Information Security and Data Protection and Privacy” (27001, 27701, …)
  • Member of the French Delegation at international standards meetings (ISO JTC1 SC27)

Thierry MAXIME

Head of IT Expertise


Convinced of the importance of standards, Thierry first worked on corporate social responsibility, before extending his interest in the security of information systems.

For TRAX, he assists clients in their digital compliance process (audit, training and consulting).

  • Management Systems Expert:
    • Integrated & Multi Standards (IMS)
    • Quality (QMS according to ISO 9001:2015)
    • Information Security (ISO 27001) and Health Data Hosts (HDS)
    • Privacy protection (ISO 27701)
    • Services Management (SMS according to ISO 20000-1)
  • AFNOR Certification Auditor on ISO 27001, 27701 and HDS
  • Master of Management and Environmental Protection
  • Qualified ISO auditor 27001, 27701 and HDS by AFNOR Certification (2019)
  • Certified Lead Auditor and Lead Implementer ISO 27001 (2017)
  • ISO 9001 internal auditor (2014)
  • Certified ITIL Foundation V3 (2014)
  • Expert member of AFNOR standards commissions:
    • “Software and Systems Quality Engineering” (20000-1)
    • “Information Security and Data Protection and Privacy” (27001, 27701, …)
    • “Security and Resilience” (Business Continuity 22301)
  • Member of the French Delegation at international standards meetings (ISO JTC1 SC27 and ISO TC292)
  • ISO 27031 editor (Information and Communication Technologies readiness for business continuity) within SC27 WG4

Amaury CORBEL

Junior compliance consultant


With a master’s degree in digital management, Amaury has developed an appetite for digital risk management. He is the project manager for the deployment of the VeriscanRisk application, assists senior consultants in their compliance services and contributes to the marketing reflection on TRAX’s service offering.

  • Graduated from ICN (Institut Commercial de Nancy)

Eric JEANCOLAS

Risk management expert and auditor


Convinced of the critical security of information systems, after a career with an American computer manufacturer, Eric now accompanies TRAX’s customers in their digital compliance process (audit, training and consulting).

For TRAX, he is also the veriscanRisk project manager, a risk management and mapping software application that TRAX has been marketing since 2020.

  • Expert in IT risk management and ISO 27001 implementation
  • ISO 27001 Auditor, ISO 27001 ISMS compliance Project Manager
  • 37 years of professional experience, including 7 years in IT risk management, 3 years in IT security and 4 years as project management methodology manager
  • Set up and responsible for managing IT production risks in a large French bank in an ISO 27001 context, certified by numerous audits
  • Participant in the Risk Management Working Group at IESF and EBIOS Club
  • École Centrale de Paris(1981)​
  • Expert member of AFNOR standards commissions:
    • “Software and Systems Quality Engineering” (20000-1)
    • “Information Security and Data Protection” (27001)
    • “Security and Resilience” (Business Continuity 22301)
  • Member of the French Delegation at international standards meetings (ISO JTC1 SC27)
  • Co-editor of ISO 27040 (Storage Security) at SC27 WG4

Jean Pierre GIRARDIN

Expert and auditor


Jean-Pierre completed a management and project management career with a Telecommunications operator before developing an internal audit and trainer activity. In particular, he set up the ISMS for a leader in Telecommunications, he managed the certification audits of this operator at the global level according to the ISO 9001, 20000-1 and ISO 27001 standards.

For TRAX, he assists clients in their digital compliance process (audit, training and consulting).

  • 30 years of experience in International Telecommunication projects,
  • 13 experience in management system audits,
  • Expert in integrated management system,
  • Numerous internal audits over the last 3 years (according to ISO 9001, 20000-1, 27001 and ISO 14001)
  • ISO 20000-1 v2018 training
  • Certified auditor
    • ISO 9001 (Quality) IRCA,
    • ISO 20000-1 (IT Services) APMG International
    • ISO 27001 (Information Security) LSTI
  • Certifié ITIL MALC
  • ISO 27001 Lead Implementer LSTI
  • ISO 27005 Lead Risk Manager PECB
  • Expert member of AFNOR standards commissions:
    • “Software and Systems Quality Engineering” (20000-1)
    • « Sécurité de l’Information et Protection des Données » (27001 & 27701)
  • Member of the French Delegation at international standards meetings (ISO JTC1 SC27)

Dimitri DRUELLE

Cyber security expert and auditor


His career as a consultant and manager in cybersecurity, carried out with major players in the sector, convinced Dimitri of the challenges of compliance with the multiple standards whose number is only growing (RGPD, Sapin 2, ISO, PCI, SOX, DSP2, ePrivacy, etc.).

For TRAX, he is responsible for leading digital compliance strategy consulting projects, including information security in health sector.

LinkedIn

Twitter

  • ISO 27001/27701, ISO 20000-1, HDS, ExpertCyber and Caisse certification auditor
  • Assessor on ANSSI benchmarks: PRIS, PDIS, SecNumCloud, PASSI, PAMS
  • Director of Operations, CISO, Director of Security and Privacy offers
  • Graduated from École Polytechnique and Télécom Paris
  • ISO 20000-1, 27001, 27701 and HDS Qualified Certification Auditor ISO 20000-1, 27001
  • Assessment manager qualified by ANSSI: PRIS, PDIS, SecNumCloud, PASSI, PAMS
  • Certified Lead Auditor ISO 27001:2013 by LSTI
  • Certifié CISSP (ISC)2
  • Certified ITIL V3 Foundation
  • Partnered with Denis HAVEZ and François LOREK to help design the next version of the Digital Health Agency’s HDS repository (formerly ASIP Santé) by incorporating feedback from the “field”.
  • This approach is requested by the Digital Health Agency and coordinated with Brice Gilbert, Product Manager Digital Confidence at AFNOR Certification.

Elisabeth MARCHAL

Expert and auditor


Elisabeth has 25 years of experience in auditing and consulting. She is an expert of integrated management systems and Cyber-risks.

For TRAX, she assists clients in their digital compliance process (audit, training and consulting) and pilots construction projects for Information Systems Security Management Systems (SMSI).

  • 25 years of auditing and business consulting experience
  • Expert in Integrated Management System and Cyber-Risk
  • More than 200 days of certification audit over the last 3 years
  • ISO 20000-1 repository expert
    • Several missions to support certification
    • Several audits to prepare for certification
  • MBA from Management Consulting at Toulouse Business School (2009)
  • ICA AFNOR Certified Auditor:
    • ISO 9001 (Quality) (No. 13233),
    • ISO 20000-1 (Computer Services) (No.4664),
    • ISO 27001 (Information Security) (No.4663)
  • Qualification Data Protection Officer (DPO) AFNOR
  • Certified ITIL Foundation

Joris PEGLI

Expert and auditor


Expert and auditor, with 25 years of experience gained in information systems security consulting firms (responsible for the ISO 27001-HDS offer) and as CIO of a healthcare software publisher. It also provides support and audit services for public and private entities. Its expertise in accommodation activities is particularly recognized in the health and medico-social sectors. For TRAX, he assists clients in their digital compliance process (audit, training and consulting).

  • Support missions for obtaining and renewing HADS accreditation, then obtaining ISO27001 & HDS certifications
  • ISO27001 Lead Implementer and Lead Audtor training
  • Outsourced CISO for a Hospital Center
  • Digital Hospital Consultant, HOPEN and OSE for GHTs
  • Outsourced DPO for various private organizations
  • BPMN business process certificate (2019)
  • CNIL RGPD certificate (2019)
  • Advanced RiskManager EGERIE (2017)
  • Lead Implementer ISO 22301 (2015)
  • Lead Auditor ISO / IEC 27001 (2010)
  • Lead Implementer ISO / IEC 27001 (2009)
  • Risk Manager ISO / IEC 27005 (2009)
  • ITIL Foundation V2 (2009)

William BOURGEOIS

Expert and auditor


William bénéficie d’une longue expérience de direction de projet et d’analyse de risques, qui l’a conduit de la R&D, au poste de DSI, puis de RSSI. Consultant et auditeur, il enseigne la cryptologie et la sécurité numérique.

Pour TRAX, il est amené à accompagner les clients dans leur démarche de conformité numérique (audit, formation et conseil) et piloter des projets de construction de Systèmes de Management de la Sécurité des Systèmes d’Information (SMSI).

  • 25 ans d’expérience dans le conseil en sécurité des systèmes d’information : successivement concepteur-développeur, DSI, RSSI.
  • Expert en Systèmes de Management et cyber-risques
  • Auditeur de certification AFNOR sur ISO 27001, 27701 (en cours)
  • Auditeur AFNOR sur le label “Expert Cyber”
  • Conférencier et enseignant au CNAM et à l’Université Lyon 2 (conformité, cybersécurité, cryptologie)
  • Formé à la sécurité des données de santé
  • Doctor of Science & Computer Science
  • Lead Implementer ISO 27701(2020)
  • Lead Auditor ISO 27001 (2018)
  • Auditeur RGPD

Mourad OUERDIANE

Expert and auditor


An industrial quarry dedicated to the safety of oil production infrastructure led Mourad to certified compliance.

For TRAX, he supports clients in their approach to quality, environment, safety, occupational health and safety and cyber security (audit, training and advice).

  • 25 years of audit experience
  • More than 300 days of certification audits according to ISO 9001/14001/20000-1/270001/OHSAS 18001/17025,
  • ISO 9001, 20000-1, 27001
    • Multiple certification preparation audits
  • EMBA ICHEC Brussels (2013)
  • Total Quality Master at the Higher Institute of Management (2004)
  • Engineer, graduate of the National School of Computer Science (1988)
  • ICA AFNOR Certified Audit Manager:
    • ISO 9001 (Quality) (No. 14823),
    • ISO 14001 (Environment) (No.14824)
  • IRCA AFNOR ISO 27001 Certified Audit Manager since 2010
  • Head of auditing AFNOR ISO 20000-1 since 2015, ISO 27001 since 2014,
  • AfNOR SST OHSAS 18001 certification audit manager since 2005, ISO 45001 since 2018
  • IsO 17025 (metrology) accreditation audit manager
  • An expert on information security standards, Mourad is a reference with INNORPI, Tunisia’s standards body.

Ali MENIARI

Expert and auditor


After a career in an American IT group, completed as director of audit and risk, Ali has logically evolved into digital compliance issues.

For TRAX, he assists clients in the construction of their Information Systems Security Management System (SMSI) in accordance with ISO 27001 requirements.

  • Responsible for implementation, support or optimization of IS Security Management and Service Management Systems.
  • Conducting internal audits, isO 27001, 20000-1, 22301 and 9001 certification preparations
  • Consultant SAP
  • Director of operations for a US computer equipment manufacturer
  • Master of Science in Information Technology at ETS Montreal (2006)
  • Bachelor of Management at HEC Montreal (2003)
  • Certified Lead Auditor 22301 (2018), qualified AS ISO 27001 auditor by AFNOR
  • Certified Lead Auditor 27001 (2017) and CISA by ISACA (2017)
  • Certified ITIL Intermediate OSA (2015) and CSI (2016) by ITIL Foundation V3 (2011)
  • IsO 27005 Risk Manager Certified (2013)
  • Qualified PECB Trainer

Denis HAVEZ

Expert and auditor


Denis had a career as a project manager at an American it manufacturer before developing a consulting business in information systems, quality and methods.

For TRAX, he is involved in value-added consulting projects combining safety and health, as a reference on ISO 20000-1, 27001 and HDS audits.

  • 30 years of auditing and business consulting experience
  • Expert in integrated management system and cyber risks
  • More than 300 days of certification audit over the last 3 years
  • Expert on the Health Data Accommodation Repository (HDS)
    • Several missions to support the constitution and filing of accreditation files
    • Several missions to review and validate accreditation files
  • Certification Auditor Training at ISO 20000-1 v2018 and HDS
  • Judicial expert at the Rennes Court of Appeal
  • ICA AFNOR Certified Auditor:
    • ISO 9001 (Quality) since 1996
    • ISO 20000-1 (Computer Services) since 2006
    • and ISO 27001 (Information Security) since 2010
  • Certified ITIL Foundation
  • Partnered with Dimitri Druelle and François LOREK to help design the next version of the Digital Health Agency’s HDS repository (formerly ASIP Santé) by incorporating feedback from the “field”
  • This approach is requested by the Digital Health Agency and coordinated with Brice Gilbert, Product Manager Digital Confidence at AFNOR Certification.

Orane PANDELLE

Administrative and financial assistant


With an accounting background, Orane coordinates the administration of TRAX in conjunction with Ronan Le Goff and François Lorek, thanks to digital tools to control the activity remotely.

For TRAX, it manages the administrative and financial aspects on a daily basis and guarantees their reliability.


Yves NORMAND

Expert and auditor


Ancien RSSI, Yves jouit d’une maîtrise aboutie de la sécurité des systèmes d’information, acquise dans un large spectre d’industries, avec une spécialisation graduelle dans les sujets de santé. Consultant, auditeur et formateur, il accompagne ses missions de conduite du changement d’une dimension de développement personnel.

Pour Trax, il accompagne les clients dans leur démarche de conformité numérique et de construction de leur Système de Management de la Sécurité des Systèmes d’Information (SMSI).

  • Consultant, auditeur et formateur en sécurité de l’information
  • RSSI et CIL
  • Expert en gouvernance des systèmes d’information
  • Cyber Réserviste et actif dans plusieurs associations numériques (ARCSI, APSSIS, AFPRN)
  • Expert en Conformité réglementaire et normative
  • Ingénieur U.T.C. 1993 (Compiègne)
  • Certifié Lead Implementer ISO/CEI 27001
  • Certifié Lead Auditor ISO/CEI 27001
  • Certifié Risk Manager ISO/CEI 27005:2018
  • Certifié DPO GDPR