BeFresh, serving its 300+ customers, is proud to announce its ISO/IEC 27001:2022 certification for its Information Security Management System (ISMS) covering all its activities including software development such as e-invoicing tools, SaaS hosting, operating of a Peppol-certified access point hosted in a private cloud in Luxembourg. Benoît Frisch, Managing Director: “I am really satisfied with how quickly we achieved this goal — in less than 6 months — including the building of an Information Security Management System (ISMS), its certification, intrusion tests, and the implementation of GDPR and NIS2 compliance. This remarkable pace was largely enabled by the security expertise of itrust consulting and the cloud security offered by Deep.” Anna Chezganova, project manager from itrust consulting, about this certification: “I was happy to apply years of experience by itrust consulting in a fast-moving project in which we reached certification only 6 months after the kick-off.” Carlo Harpes, external CISO: “Such a success is only possible thanks to the management, IT, development, and security skill of all people at BeFresh, enabling fast decision processes”. Abdessamad Kahir, lead auditor at Certi-Trust: “This was a pleasant certification audit, not only because it succeeded, but also because we were delivered proactively most required evidence and we received prompt and relevant answers to all our questions.” About BeFresh: BeFresh is a Luxembourg-based company specializing in digital transformation like ERP, CRM and invoicing as a service and the development of customized software solutions. Founded in 2019 and based in Kockelscheuer, it positions itself as a technology partner for organizations seeking to modernize their workflows, with expertise in the field of billing process automation. About itrust consulting: An 18-years-old SME from Luxembourg, specializing in Information Security Systems, helps its customers from both the public and private sectors to protect their information against any divulgation, manipulation, and unavailability. Its services are related to building, implementing, and auditing Information Security Management Systems, assessing and treating risks with its own OpenTRICK tool, deploying security experts whenever needed (SECaaS, or Security as a Service), on-request hacking of customers, handling cybersecurity incidents (See malware.lu CERT), or designing and operating security solutions for ICT such as Wazuh, RADAR, C5-DEC… About Certi-Trust: Certi-Trust is an international certification organization specializing in digital trust and regulatory compliance. The organization supports companies and government agencies in validating their management systems. Beyond certifying organizations, Certi-Trust plays a key role in the Luxembourg ecosystem, helping to… Read more »
Posts By: Ricardo Santos
Public authorities that are open to cybersecurity measures but closed to fraudsters — that is what citizens expect!
Interview with LG magazine, translation by itrust consulting. Are local authorities prepared to tackle the challenges of cybersecurity and the NIS2 Directive? How should they handle it? An interview with Lynn Pinto, DPO; Camar Houssein, SECaaS Manager; and Carlo Harpes, Managing Director of itrust consulting s.à r.l. and Chair of the (Luxembourg) Security Standards Committee. How have public authorities been preparing for this new challenge? Carlo: The text of the NIS2 Directive has been published since 2022; Luxembourg has opted for a transposition that is as simple and minimalist as possible; all entities involved in public procurement are covered; they will be required to manage cybersecurity risks, report their dependencies and security status as well as the outcome of their risk assessment to ILR. In addition, they must report incidents and, if necessary, will receive instructions from ILR on how to manage risks. Minister Léon Gloden encouraged them to take this challenge seriously and not to wait for the law to come into force before preparing. The day after the vote, each entity must have an approved risk analysis demonstrating that it has found the right balance between investing in security measures and accepting residual risks; they must regularly submit improvement plans to ILR too. What remains to be done by the organizations? Camar: We agree with ILR that the NIS2 Directive requires nothing more than a designated security officer. However, it imposes a human resources security policy, a (formalized) access and asset management – that is to say, an inventory, with classification and assignment of responsibilities for these assets – and, most challenging of all, a risk assessment and management process that takes into account current norms, which are virtually unknown in the sector. We can easily train someone to assess risks, but such assessment remains uncertain, even for an expert. My manager always says that conducting a risk analysis is an art rather than a science, as this process must produce well-reasoned and ‘reproducible’ results. Do organizations that are already GDPR-compliant have a head start? Lynn: Clearly yes, and yet we still come across organizations that are badly prepared: with no record of processing activities, or incomplete ones; with no privacy notice easily available to data subjects; despite the law having been in force for seven years and the CNPD having hired over 60 officials to monitor and provide guidance. Recently, we have again come across municipal secretaries… Read more »
Simplify DORA, GDPR, and ISO Standards Management with Extracted Excel Tables
itrust consulting in collaboration with CyFORT launched its Standards Distribution Initiative, aimed at providing standards file and other helpful files in Excel format. These files are designed for seamless integration with popular open-source tools like Ariana and OpenAriana, OpenTrick. The initiative enables organizations to easily generate policies, conduct risk assessments, perform audits, and more, all while leveraging the power and flexibility of open-source solutions. By offering standards in a standardized Excel format, itrust consulting simplifies the process of aligning with international standards and enhances the effectiveness of risk management and compliance activities. This initiative supports a wide range of applications, ensuring that businesses can efficiently manage their ISO-related tasks using the tools they know and trust. Click for downloading free to use excel files Click here for submitting a webform to request ISO/IEC standards file by license holders


