Expertise › Information security
Secure · Information security
HEMC supports public and private organizations in achieving ISO/IEC 27001:2022 and ISO 22301 compliance. Proven expertise across the Moroccan public sector (Water Basin Agencies) and major European accounts.
SURGING CYBER RISKS
Cyberattacks against Moroccan companies have doubled in 2 years. An unanticipated incident can paralyze your operations for weeks.
REINFORCED LAW 09-08
The CNDP now requires concrete evidence of compliance for the protection of personal data. ISO 27001 is the recognized reference framework.
REQUIREMENTS FROM PRINCIPALS
Large companies and international donors (GIZ, World Bank, EU) impose ISO 27001 as a contractual prerequisite.
Information security management system
References: ABH Sebou · ABH Guir-Ziz-Rhéris · SIONT
Business continuity management
References: ABH Sebou · ABH Guir-Ziz-Rhéris
HEMC relies on a PRINCE2 + Agile framework, refined through the missions delivered for the Hydraulic Basin Agencies (Sebou, Guir-Ziz-Rheris).
FRAMING & PRELIMINARY ANALYSIS
Project plan (Gantt, WBS) · Scope · Stakeholders · Governance
RISK ANALYSIS
Asset identification · Questionnaires and checklists · Vulnerability assessment
TREATMENT PLAN
Risk register · Treatment measures · Analysis matrix
CONTINUITY PLAN
BCP · DRP · Documentary reviews · Workshop validation
TESTS & AWARENESS
Continuity tests · Training · Session facilitation
FRAMING & PRELIMINARY ANALYSIS
Project plan (Gantt, WBS) · Scope · Stakeholders · Governance
RISK ANALYSIS
Asset identification · Questionnaires and checklists · Vulnerability assessment
TREATMENT PLAN
Risk register · Treatment measures · Analysis matrix
CONTINUITY PLAN
BCP · DRP · Documentary reviews · Workshop validation
TESTS & AWARENESS
Continuity tests · Training · Session facilitation
MOROCCO SPECIFICITY
Law 09-08 on the protection of individuals with regard to the processing of personal data imposes strict obligations on Moroccan organisations: declaration to the CNDP, consent, right of access, technical security.
HEMC supports you with:
Full 5-phase PRINCE2 mission: ISMS + Business Continuity Plan for the Hydraulic Basin Agency.
Risk analysis, RTP, security policy, internal audit and certification preparation.
ISMS rollout to meet the supplier referencing requirements for a major account (Europe).
A 30-minute conversation is enough to frame your information security and business continuity challenges.