En cliquant sur "Accepter tous les cookies", vous acceptez que des cookies soient stockés sur votre appareil afin d'améliorer la navigation sur le site, d'analyser l'utilisation du site et de contribuer à nos efforts de marketing. Consultez notre politique de confidentialité pour plus d'informations.

Préférences
RefuserAccept
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
icone fleche gauche
Return
icone fleche gauche
icone fleche droite
ISO 27001
Compliance
+ 2000 employees
Health

Turning ISO 27001 into a Strategic Opportunity: Testimony from Hospices Civils de Lyon

How do you turn a regulatory constraint into a driver for cybersecurity performance? That’s the challenge the Hospices Civils de Lyon (HCL) successfully met, with Egerie’s support, through a project that aligned their cybersecurity practices with the requirements of the ISO 27001 standard—making it much more than just a compliance exercise.
Béatrice Berard
Information Systems Security Officer, HCL
Bouton Lecture
Watch
The challenge

A Leading Institution, a Demanding Environment

As the second-largest university hospital center in France, the HCL group includes 13 healthcare institutions and more than 23,000 professionals.

At the intersection of public health, sensitive data protection, and regulatory compliance, HCL launched a structured approach toward ISO 27001 certification in 2021.

Their goal: Achieve certification within a year across a strategic pilot perimeter.

A bold challenge, tackled with method and determination.

The solution

A Structured Yet Agile Approach

From the outset, the project emphasized a rigorous but pragmatic strategy:

Egerie was selected as the core platform to manage ISO 27001 risk assessments in a centralized and collaborative manner.

Why Egerie?

HCL quickly identified three key benefits:

Centralized risk analysis: All information is documented in a single, traceable, audit-ready repository.

Structured cyber governance: A dynamic risk map and continuous action plan tracking help reinforce day-to-day security management.

Accelerated momentum: The platform’s functional richness (automated measure suggestions, prequalification questionnaires…) allows for faster, more scalable execution.

The result: A controlled project that brings agility and clarity to a complex organization.

The results

From Compliance to Continuous Governance

With Egerie, HCL laid the foundations of long-term cyber governance:

Conduct regular ISO 27001 compliance risk assessments

Continuously manage risks and corrective actions

Equip decision-making bodies (executive committees, project steering, etc.) with consolidated dashboards

Prepare for the expansion of the approach to broader scopes (additional certifications, NIS2 framework, etc.)

“Today, Egerie not only helps us stay compliant, it also enables better risk management and supports our digital transformation.”

The tool allowed us to industrialize an approach that had previously been very manual. More importantly, it helped us get business teams involved in risk management.
Béatrice Berard
Information Systems Security Officer, HCL
Key figures

ISO 27001 certification achieved on the pilot perimeter, followed by broader deployment

4 platform users

40+ risk analyses conducted and centralized

1 unified risk assessment supporting multiple frameworks (HDS, ISO 27001, etc.)

Widespread involvement from business teams

TESTIMONIES

You may be interested in this content

Every business has its challenges. Learn how our solutions have helped our customers overcome them and strengthen their cybersecurity.

Discover the use cases
Founder and CEO @Enteprise
We all know there’s no business without risk. But we must be able to give business teams the right information so they can make the right decisions. And that’s exactly what we’re doing with Egerie.
François Sopin
François Sopin
Founder and CEO @Enteprise
The tool allowed us to industrialize an approach that had previously been very manual. More importantly, it helped us get business teams involved in risk management.
Béatrice Berard
Béatrice Berard
Founder and CEO @Enteprise
What’s great about Egerie is how everything is connected. If we change something at the beginning of the analysis, the whole chain updates automatically. It saves us a huge amount of time and makes our work much more relevant.
Florian Bourdon
Florian Bourdon
Founder and CEO @Enteprise
icone fleche gauche
icone fleche droite
Leader européen des services multi-techniques, SPIE a industrialisé sa démarche de conformité et renforcé sa résilience cyber en s’appuyant sur la plateforme EGERIE pour piloter efficacement ses risques et ses vulnérabilités.
A leading financial institution in France, La Banque Postale serves individuals, businesses, and the public sector with a strong commitment to security and compliance. The organization overhauled its risk analysis methodology to improve efficiency, transparency, and its overall risk culture.
How do you turn a regulatory constraint into a driver for cybersecurity performance? That’s the challenge the Hospices Civils de Lyon (HCL) successfully met, with Egerie’s support, through a project that aligned their cybersecurity practices with the requirements of the ISO 27001 standard—making it much more than just a compliance exercise.
As a major player in social protection, MGEN has transformed its cyber risk management strategy by adopting Egerie as its core GRC platform. The days of complex, rigid Excel files are gone — replaced by a streamlined, continuous approach that benefits both internal teams and external auditors, particularly in the context of ISO 27001 certification.

Discover our platform

Lorem Ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod temporincididunt ut labore and Dolore Magna aliqua.

Request a demo