ISO 27001
Compliance
+ 2000 employees
Health

Turning ISO 27001 into a Strategic Opportunity: Testimony from Hospices Civils de Lyon

How do you turn a regulatory constraint into a catalyst for cybersecurity performance? That’s the challenge the Hospices Civils de Lyon (HCL) successfully met—with support from EGERIE—by launching a project that aligned their cybersecurity practices with ISO 27001 requirements, transforming compliance into a strategic asset rather than a mere obligation.
Béatrice Berard
Information Systems Security Officer, HCL
The challenge

A Leading Institution, a Demanding Environment

As France’s second-largest university hospital center, the Hospices Civils de Lyon (HCL) encompasses 13 healthcare institutions and over 23,000 professionals.

Operating at the crossroads of public health, sensitive data protection, and strict regulatory requirements, HCL launched a structured initiative toward ISO 27001 certification in 2021.

The objective: achieve certification within one year on a strategically selected pilot scope.

A bold challenge—met with method, precision, and determination.

The solution

A Structured Yet Agile Approach

From the outset, the project followed a rigorous yet pragmatic strategy.

EGERIE was chosen as the central platform to manage ISO 27001 risk assessments in a centralized, collaborative manner.

Why EGERIE?

HCL quickly identified three key advantages:

– Centralized risk analysis: All information is consolidated in a single, traceable, audit-ready repository.
– Structured cyber governance: A dynamic risk map and continuous tracking of action plans strengthen day-to-day security management.
– Accelerated momentum: The platform’s functional depth—such as automated measure suggestions and prequalification questionnaires—enables faster, more scalable execution.

The result: A well-controlled project that brings clarity and agility to a complex organization.

The results

From Compliance to Continuous Governance

With EGERIE, HCL has laid the groundwork for long-term cybersecurity governance:

– Conducting regular risk assessments aligned with ISO 27001 compliance
– Continuously managing risks and corrective actions
– Equipping decision-making bodies—executive committees, steering groups, and others—with consolidated, real-time dashboards
– Preparing to scale the approach across broader scopes, including additional certifications and the NIS2 directive

“Today, EGERIE not only helps us stay compliant—it enables better risk management and actively supports our digital transformation.”

"The tool enabled us to industrialize a previously manual approach. More importantly, it helped engage business teams in the risk management process."
Béatrice Berard
Information Systems Security Officer, HCL
Key figures

Key Results

– ISO 27001 certification achieved on the pilot perimeter, followed by broader organizational deployment

– 4 platform users effectively managing the entire process

– 40+ risk analyses conducted and centralized in a single repository

– 1 unified risk assessment supporting multiple frameworks (ISO 27001, HDS, NIS2, etc.)

– Widespread engagement from business teams across departments
