Consulting & Audit
Expert advice complementing all our security solutions to prepare your security strategy and ensure it is working.

Expertise
Our specialists can assess the level of security of your IT infrastructure, websites, devices and applications, and provide actionable recommendations and training to improve the protection of your essential assets in terms of technology, processes and people engagement.

Our services
Our consultants and auditors take into account the specific context of each client to provide services and support adapted to their needs. Our experience across multiple industry verticals and security challenges means we can support your organization with the latest best practices in cyber security.

Case study
Find out how Orange Cyberdefense helped a European customer identify how to improve their industrial ICS/IoT security and increase employee awareness.
Expertise
Our pragmatic consulting and audit approach takes into account both specific security objectives of the organization as well as their overall business context, strategy and challenges. Our recommendations help organizations find a balance between optimal and feasible actions and investment. Our expertise is reinforced by learning lessons from across the Orange Cyberdefense organization as we support customers throughout the digital risk management lifecycle. This includes a deep experience in assessing, deploying and managing security protection via our trusted infra-structure solutions as well as managing incident events via our control, surveillance and reaction solutions. We aim to build a trusted, long-term partnership with our customers, supporting them to continuously improve their security.
Our differentiators:
Deep expertise in Industrial and IoT Security Consulting
Over 20 years’ experience in professional security services
Audit services certified PASSI by the ANSSI
(French National Security Agency)
Our services
We support organizations via our 8 specialist professional services practices:

Audit and conformity control
Assess your security measures against best practices and their compliance against regulations via our range of technical and organization security audit services:
- Overall security review and cyber diagnosis (organizational and technical audit)
- Site audit : physical security audit
- Supplier or partner audit
- “PASSI” and LPM Audit (“Military Programming Law”)
- ISO27001 and ISO27002 Audits
- PCI-DSS Audit (QSA Certified Auditors)
- HDS Audit ” Health Data Hosting”

Industrial and IoT Security
Strengthen the security of your industrial facilities leveraging our experience and 360° services covering technical, organizational and governance layers:
- Security risk assessment of industrial facilities
- Audit of Industrial Control Systems (ICS) security
Review and manage IoT security risks to accelerate the adoption, development and deployment of innovative security services to protect your digital enterprise.
- Integration of security throughout the IoT lifecycle
- Hardware audit
- Radio communication channels security

Training and People Engagement
Empower your employees and foster a cyber resilient culture. Orange Cyberdefense’s proprietary methodologies ensure the appropriate awareness and training needs are identified, and engaging, pragmatic projects are conceived and deployed. We offer a readily available training catalog and can also build content and formats to suit your organization’s needs.
- Our dedicated training center: Cybersecurity Training Center
- Choose from our standard training catalog or develop a bespoke solution for your organization

Cybersecurity law and regulatory compliance
Ensure compliance with legal obligations and regulations concerning data privacy and cyber security such as the General Regulation on Data Protection – GDPR and the Networks and Information Systems Directive – NIS. Conform to industry-specific regulations and requirements
- Data protection
- Regulations and contracts
- Monitoring and legal training

Cyber resilience
Define, implement and evaluate existing measures to ensure business continuity in the event of a major crisis.
- Audit of business and IT continuity systems
- Definition and implementation of crisis management governance and organization
- Business continuity drills
- Impact assessment across all sensitive assets
- Review of continuity policies and strategies (PCA / PCM / PRA / PSI …),
- Functional and technical devices deployment support

Cybersecurity engineering
Build security into your projects and prevent potential vulnerabilities from being exploited. We support you across all stages to deploy and build operational security into your development lifecycle.
- Operational support to implement the security plan
- Integration of security in IT projects
- Deployment and security control

Governance and risk management
Effectively manage security risk and deploy a solid governance. Security strategy, policies and governance are continuously evolving elements in the face of the dynamic threat and regulatory landscape. Orange Cyberdefense leverages proprietary risk management methodologies to assess organizations of different industries and maturities.
- Security governance including definition of the security organization, security strategy and master plan, general policy, dashboards and reporting
- Risk management covering definition of risk management processes, assessment and treatment methodologies, security risk analysis according to frameworks such as ISO27005, EBIOS or an internal referential, and risk remediation action plan
CISO-as-service providing a dedicated consultant to define security projects and budgets as well as training for a newcomer to the CISO function

Security Technology Consulting
Confidently choose the appropriate security solutions for your business. We support our customers in the qualification and evaluation of solutions as well as their deployment and configuration. Benefit from synergies and learning lessons from our technical teams deploying and managing technologies in customer environments, in our data centers and on the cloud. Leverage our experience operating our Cyber Security Operations Centers (CyberSOC) and Security Operations Centers (SOC).
- Digital trust covering key management, identity and access management, identity federation, digital signature, archiving, strong authentication
- Security monitoring covering SIEM, intrusion detection and prevention solutions, SOC deployment, flow analysis
- Data security and sovereignty including anonymization, tokenization, registration and encryption