"Our consulting and support missions are carried out by our Trusted Advisors team", explains Philippe Dann, Head of Risk & Business Advisory at EBRC. "Our experts meet with the managers of the various facets of the business of the company that uses our services, to identify the critical processes and activities. They can thus identify business needs and analyse the ability of the IT infrastructure to meet these requirements."
EBRC experts' investigations cover the entire spectrum of business continuity, from DRP - i.e. infrastructure continuity - to business impact analyses. "Our consultants work both with the business lines and with IT to ensure that both are aligned," says Philippe Dann. "They conduct impact analysis campaigns, identify applications, risk elements or the most critical elements, and then work with the customer to set up its own continuity and crisis management strategies and plans". EBRC Trusted Advisors can then assist the customers until they obtain the ISO 22301 certification, which governs the field of business continuity.
"In terms of business continuity management, we provided support to Arendt Services in their certification process, the first Luxembourg-based PFS to obtain ISO 22301 certification, the Banque de Patrimoines Privés, a pioneer among local banks, and a French insurance company", said Philippe Dann. "At the moment", he goes on, "we are supporting half a dozen companies in their certification process. For others, our intervention focuses on risk analysis or Business Impact Analysis activities".
The Trusted Advisory consulting offer also includes audits and support for data centre certification. These data centre audits are carried out by the certified teams that manage and operate EBRC's own Tier IV Data Centres. "Beyond the traditional audits of infrastructures and their operation, these missions integrate the analysis and management of risks, whether they are environmental risks related to data centres, cyber risks, or the elements highlighted by the NIS directive and which concern the scope of the data centre," explains Philippe Dann. "To do this, we systematically conduct an analysis of the risks to which our client's data centre is exposed in relation to its economic activity and its IT environment. In this way, we combine our technical expertise in data centres - physical security, logical security, availability - and risk management".
"Our consulting activities also extend to GRC, Governance Risk & Compliance, an area that falls within the scope of information system security, in particular ISO 27001. We help our customers to carry out their risk analyses, set up risk management and develop their safety strategies", explained Philippe Dann. "In this context," he added, "we integrate both European regulations and directives - GDPR and NIS, in particular - international standards and the company's own internal rules to define a risk management and cyber-security dashboard aimed at assessing compliance".
The IT transformation is another aspect of EBRC's consulting services. "We help our customers select the solution that best suits their needs, business and applications as they transform their IT environment, whether in terms of relocating data centres or migrating to the cloud," says Philippe Dann. And to help companies better protect their data and system integrity, EBRC’s experts assess and strengthen the security level of infrastructures and applications based on risk analysis and vulnerability and intrusion tests.