Philippe Dann, Head of Risk and Business Advisory, EBRC

By Michaël Renotte for EBRC

Convinced that companies must acquire the resilience necessary for their development in the digital economy, EBRC has deployed a consulting offer that responds to the challenges posed by digital transformation. This consulting activity now covers business continuity management, cybersecurity, IT transformation, data centre audits and the full spectrum of Governance, Risk and Compliance.

"Our consulting and support missions are carried out by our Trusted Advisors team", explains Philippe Dann, Head of Risk & Business Advisory at EBRC. "Our experts meet with the managers of the various facets of the business of the company that uses our services, to identify the critical processes and activities. They can thus identify business needs and analyse the ability of the IT infrastructure to meet these requirements."

EBRC experts' investigations cover the entire spectrum of business continuity, from DRP - i.e. infrastructure continuity - to business impact analyses. "Our consultants work both with the business lines and with IT to ensure that both are aligned," says Philippe Dann. "They conduct impact analysis campaigns, identify applications, risk elements or the most critical elements, and then work with the customer to set up its own continuity and crisis management strategies and plans". EBRC Trusted Advisors can then assist customers until they obtain ISO 22301 certification, the standard that governs the field of business continuity.

"In terms of business continuity management, we provided support to Arendt Services in their certification process, the first Luxembourg-based PFS to obtain ISO 22301 certification, the Banque de Patrimoines Privés, a pioneer among local banks, and a French insurance company", said Philippe Dann. "At the moment", he goes on, "we are supporting half a dozen companies in their certification process. For others, our intervention focuses on risk analysis or Business Impact Analysis activities".

The Trusted Advisory consulting offer also includes audits and support for data centre certification. These data centre audits are carried out by the certified teams that manage and operate EBRC's own Tier IV Data Centres. "Beyond the traditional audits of infrastructures and their operation, these missions integrate the analysis and management of risks, whether they are environmental risks related to data centres, cyber risks, or the elements highlighted by the NIS directive and which concern the scope of the data centre," explains Philippe Dann. "To do this, we systematically conduct an analysis of the risks to which our client's data centre is exposed in relation to its economic activity and its IT environment. In this way, we combine our technical expertise in data centres - physical security, logical security, availability - and risk management".

"Our consulting activities also extend to GRC, Governance Risk & Compliance, an area that falls within the scope of information system security, in particular ISO 27001. We help our customers to carry out their risk analyses, set up risk management and develop their safety strategies", explained Philippe Dann. "In this context," he added, "we integrate both European regulations and directives - GDPR and NIS, in particular - international standards and the company's own internal rules to define a risk management and cyber-security dashboard aimed at assessing compliance".

IT transformation is another aspect of EBRC's consulting services. "We help our customers select the solution that best suits their needs, business and applications as they transform their IT environment, whether in terms of relocating data centres or migrating to the cloud," says Philippe Dann. And to help companies better protect their data and system integrity, EBRC’s experts assess and strengthen the security level of infrastructures and applications, based on risk analysis and on vulnerability and intrusion tests.

A resolutely pragmatic approach

"Our consulting activity is based on a set of skills developed internally because what we recommend to our clients is what we apply to our own activities," explains Philippe Dann. "Our approach is pragmatic. It is based on sharing information with our customers and feedback. We are not business continuity theorists, nor are we governance theorists," he emphasizes. "To date, we have more than 800 continuity tests to our credit and many achievements in the area of crisis management," said Philippe Dann. "And we have held ISO 27001 certification since 2010, which is renewed every year, enabling us to capitalise on our long-standing experience. This is one of the reasons for which our customers trust us, because we have in-depth knowledge of the topics that we address and have the required experience to interact with IT specialists, CISOs, Risk Managers and DPOs, on the one hand, and with the business lines, on the other hand".

"Our intervention can thus be based on a request from the business lines relating to business continuity for example, or a need related to the risk identified by the CISO, the Risk Manager or the DPO. In both cases, alignment with IT will have to be assessed," said Philippe Dann. "This enables us to cover all the company's needs and, in combination with our Cloud, SOC, and data centre activities, to offer an end-to-end solution to customers who so desire," concludes Philippe Dann.