SEPUR: Gap analysis and NIS2 compliance

Find out how Netsystem supported SEPUR with an NIS2 gap analysis, followed by a NIS2 compliance program.

Context & objectives

Sepur is a French company with 3800 employees, specialized in waste collection, sorting and recovery. With 60 years’ experience, the company’s size and sector of activity make it a “Major Entity” under the criteria of the European NIS2 directive, and it must therefore comply with the requirements of the NIS2 regulations.

Business challenge

Objectives:

  • Make NIS2 compliance a real competitive advantage and a guarantee of stability for Sepur
  • Increase the cyber maturity of the information system

Challenges:

  • At the time of our intervention, Sepur was in the midst of restructuring and modernizing its IT assets, so we had to be agile and adapt to Sepur’s constraints.
  • The profiles of IS users were very varied, so training and awareness-raising had to be adapted to the organization’s different profiles.
Response & method
  • NIS2 gap analysis (measurement of deviations from NIS2 regulations)
  • Support for SEPUR’s NIS2 compliance program
    • CISO as a Service (Netsystem acts as Sepur’s outsourced CISO)
    • Implementation of the Roadmap
    • Raising management awareness (in collaboration with Nicolas Courtier, a lawyer specializing in contractual engineering and digital law)
    • Review of third parties in the NIS2 sense
    • Raising staff awareness of cyber risks
Key success factors
  • Netsystem’s NIS2 expertise.
  • Trusting relationship with the Sepur team.
  • Strong involvement of Sepur management.
  • Professional and rigorous communication.
Related Case Studies