CLIENT TESTIMONIAL

1- Could you briefly introduce yourself: your company, your position and your responsibilities?

​

"I'm Batiste Roger, Technical Director of Odonatech, a company that develops technologies for savers and financial advisers.

​

At Odonatech, we're committed to reinventing customer relations, particularly around wealth management advice. We're trying to make this area of activity more human, to ensure that it takes a genuine interest in people, so as to enable other discussions in financial advice, and in particular discussions that are much less focused on the 'product' and technical nature of things, but designed to really improve people's lives."

 

 

​

2- For what type of need did you call on CyberSecura? What was the trigger?

​

"We called on CyberSecura for cybersecurity and GDPR compliance services. Stéphane, the head of Odonatech, had already worked with CyberSecura in the past. This year, we decided to set up a partnership to provide outsourced CISO services as well as outsourced DPO services. 

​

All this is linked to a stage of development at Odonatech: we're moving to a slightly more advanced stage of development. We are currently a company with 10 employees, working with leading financial institutions. So it's vital for us to be able to demonstrate our reliability and rigour in all aspects of cybersecurity and regulatory compliance with the GDPR. We needed to take things up a notch, and CyberSecura is the right partner for that. 

​

Previously, we had worked with CyberSecura through cybersecurity audit services: Saghar had come in to test a software brick. With this outsourced CISO service, she is now involved in all aspects of Odonatech's IT security.

​

The work carried out on the GDPR side, in collaboration with Marine, is much the same. We've delegated all Odonatech's GDPR compliance actions to Marine, who I supervise in the same way as the CDO of a bank. 

​

The aim of this support is to be able to work with financial institutions, and to be able to prove to them that they can trust us, and that we are able to offer the same high level of security as they do for their own customers. 

​

For a start-up like us, this is a very challenging aspect. That's why we chose to work on these issues with professionals, because we weren't in a position to manage them internally with the same level of expertise."

 

 

​

3- Why did you choose to entrust these missions to CyberSecura rather than to someone else?

​

"The main reason we chose CyberSecura was that we already knew each other, since CyberSecura had already been involved in carrying out a cybersecurity audit. We knew each other and were satisfied with the service we received, so there was no reason to change service providers.  

 

What's more, it was also a question of word-of-mouth: we work closely with another company that is also a CyberSecura customer, and their feedback confirmed the good impression we had of the quality of the services."

 

 

​

4- Did you have any fears before setting up the project?

​

"I don't think we had any particular fears. 

 

Despite everything, the main difficulty for us remains financial: we're a small start-up, we operate with little margin, so the decision to invest so much to delegate the cybersecurity and GDPR compliance aspects was a particularly structuring decision for Odonatech. 

 

But once we'd made the decision, we knew we'd be working with the right people, and that's been confirmed!"

 

 

​

5- In your opinion, what are the challenges facing your business today?

​

"The main challenge in the financial sector is to generate trust. Individuals can be genuinely distrustful of financial institutions for a number of reasons: because they don't feel they are reaping the full benefits of the financialisation of the world, because new ecological challenges are emerging and they don't know to what extent the institutions they work with are up to the task of meeting these challenges, and so on. 

 

So there is a real issue of trust and reputation. 

 

As our job is to meet this challenge of trust (in terms of consultancy), we have to be consistent, and be beyond reproach in terms of security and GDPR."

 

 

​

6- How would you describe the work carried out by CyberSecura and its team, in just a few words?

 

"I'd say "complete", in the sense that there's a real concern not to leave any blind spots. I'd also say 'methodical', 'rhythmic' and 'expert'.

 

 

​

7- What are the results of this collaboration?

 

"As far as the GDPR is concerned, it's still a little early to measure any results, for the simple reason that the first major aspect of this support, namely the drafting of data processing forms, is still in progress.

 

However, on the cybersecurity side, the results of our collaboration with CyberSecura are already much more tangible (mainly because the deliverables are delivered more quickly). For example, we have put in place a back-up system that is much more robust than before. Today, I'm much more confident about the reliability and resilience of our backup system. I now know that if an IT security incident were to occur, we would be able to continue working normally.

 

 

​

8- What did you appreciate the most in the solution provided by CyberSecura?

 

"In my case, I found that being able to call on a single service provider for cybersecurity and GDPR compliance was a real plus. Firstly for confidentiality reasons: I'm reassured by the fact that I only have to share my information with a single service provider (because we're talking about sensitive information, the disclosure of which could put us at risk), but also because this means that certain aspects with significant intersections can be dealt with together. For example, the personal data management policy is an GDPR compliance issue, but it is also an IT security issue. For all these reasons, having a single point of contact for both cyber security and GDPR compliance has been a real plus."

 

 

​

9- Conversely, were there any elements that you missed? How could we have improved?

​

"Quite honestly, I don't really see what we could be doing better at the moment. There is one thing, but it will surely come in time because it's part of your offer: everything to do with your macaroons. 

 

We think it could be very relevant for us to use these badges in a way that enhances our efforts in cybersecurity and GDPR compliance."

 

 

​

10- What advice would you give to companies facing the same problem / having the same project as you? 

 

"I think it's first of all necessary to understand which aspects can be managed internally, and which will require outside help.

 

In any case, that's what we thought at Odonatech: "What can we handle internally? And what aspects do we need support with?"

 

Personally, I'm very happy with the decision we took to have support, because the 'outsourced time-sharing' mode works very well. 

 

What's more, although I already have a pretty solid grounding in data governance and GDPR compliance, I can really see the added value of having an expert outsourced DPO. The same applies to cybersecurity, with the outsourced CISO service: it saves us a lot of time! There are lots of things that we don't need to re-invent because you already have templates and procedures for everything. 

 

I really appreciate being able to compare notes with experts, especially when it comes to subjects I already know something about: the fact that I can talk to experts is really valuable.  

 

So for a small company like ours, operating in a sector as similar or as demanding as the financial sector, I'd recommend time-sharing, which I think is a really great solution."

 

 

​

11- Would you recommend CyberSecura to others? Yes / No, for what reason(s)?

​

"Perfectly, and I would recommend CyberSecura for this reason: for its outsourced, time-sharing mode of operation, which is particularly well suited to small organisations like ours. 

 

What's more, I'm very happy with the support we've had so far.

 

So yes, I would recommend your company and your expertise, even if it means a major investment, because it represents a real benefit in the short term, but especially in the long term. 

 

Mastering these security and compliance issues, and the high standards we set, are truly part of the value of a company like ours."