How is the Paris Fire Brigade Insurance Company using CyberVadis?

Olivier Deve : We first involved CyberVadis in 2020 following a request from one of our partners to assess our level of cyber maturity. While we had not yet entered the Russian-Ukrainian conflict, the initial limits had been identified for our small structure, without being able to measure their level of impact or identify the actions that could be implemented. At the time, the Board of Directors wanted to make cybersecurity a priority. This first CyberVadis assessment enabled us to identify the expectations of the sector. To meet these expectations, we called on Omnitech and Sanjeet’s team to set up an action plan.

Sanjeet Aumeerun : CyberVadis is also a solution that we use at Omnitech. We used it to get an initial assessment of our level of maturity and to get an overall summary of our weaknesses and the areas where we need to strengthen. So it was only logical that we accompanied the MSPP in strengthening the security of their information system (IS).

Olivier Deve : The MSPP committed itself over the three years following the first audit to implementing the recommendations made during the first audit. In addition to the changes made to our IS environment and the training initiatives undertaken for our teams, the various actions taken have been incorporated into our procedures (PSSI, PCI, access management procedure). Our action plan was made possible thanks to Omnitech’s contribution. At the end of the process, it was important for us to conduct a second assessment with CyberVadis in January 2024 to measure the effectiveness of our action plan.

Sanjeet Aumeerun : CyberVadis provided us with an overview of the maturity level and the crucial points to be addressed or strengthened. Based on this summary, we listed the various elements and actions to be put in place, and then divided up the tasks between us. Olivier was responsible for the documentary part (drafting of security plans, etc.) and my team for the technical part with the various actions and security measures to be put in place on a preventive or corrective basis to strengthen the IS. We also worked on the servers and equipment to check that the measures were in place and, if not, to supplement and reinforce them.

Prior to the reassessment project, the MSPP had undertaken a project to optimize its IS and strengthen security. We had already implemented a number of actions: updating some equipment and antivirus software, migrating some equipment to more reliable solutions. CyberVadis gave us the opportunity to move forward on the security front by helping us to optimize certain actions and by reinforcing certain points that had been considered but not necessarily implemented.

Olivier Deve : With CyberVadis, we can quickly quantify the link between good practices and the immediate impact on our organization and its security. Unlike a traditional audit, where you have consultants who come on site, ask you a number of questions, and then deliver a report that doesn’t necessarily make the link between practices and impacts, with CyberVadis, we’re also a player! The audit allows us to monitor our progress on a daily basis. The remediation plan makes it easy to identify the points on which we need to make rapid improvements, and to determine the actions that can be taken. All that’s left for us to do is to quantify the financial cost of all these actions internally. This is a valuable contribution to helping us make the right decisions when it comes to managing change. The audit also enabled us to formalize our various procedures in this area. The evidence submitted to the platform has been incorporated into our written policies. Indeed, the documentation provided for the assessment was used to complete the access systems security policy, the general information systems policy and to draw up our IT continuity plan.

Sanjeet Aumeerun : I’ve already undertaken security audits with service providers specialized in this field. It’s true that it can be quite costly because the service provider comes on site for a whole day and carries out actions that could have been worked out beforehand. Thanks to CyberVadis, we have been able to do this work with Olivier at a lower cost, particularly with the remediation plan that we have followed to put in place a whole range of measures. If one day Olivier decides to call in a service provider to physically check the security, we know that most of the work will have been done.

Olivier Deve : The MSPP now wants to offer its cover to people other than its original members, so using the CyberVadis scorecard in an RFP is clearly a benefit when we are dealing with health data. The news in our sector reports several insurers, third-party payers, and/or brokers who have been the target of data leaks and/or who have been impacted by a long shutdown of their activity. It is important to reassure employers and our members who entrust us with their data.

The Paris Fire Brigade Insurance Company (in French – Mutuelle des sapeurs-pompiers de Paris or MSPP) was founded on 18 November 1955 by a small group of soldiers of all ranks from the Paris fire brigade regiment. Support, protection and prevention are among the commitments made by our company to offer members benefits and services that meet their needs as closely as possible. The MSPP attaches particular importance to kindness when dealing with others. It is consistent with the ethics and code of honor of the Paris fire brigade and ensures that the mottos of its corps are applied.

Omnitech, a managed service provider with 30 years’ experience, specializes in tailor-made application development engineering, information systems consulting (project owner/project manager), and systems, network and security engineering (on-premise and in the cloud). Our talented staff listen to our customers’ business needs and provide appropriate solutions with a commitment to results or resources. At Omnitech, we provide innovative technological solutions to support our customers’ growth and digital transformation.