CLIENT TESTIMONIAL

1- Could you briefly introduce yourself : your company, your position, your responsibilities?

 

"CountAct digitises emergency evacuation processes. We have created a mobile application, which allows security managers to control the flow during emergency evacuations.

 

And so I'm Lounis Lakhal, I'm 23 years old, and I'm the President of CountAct, which I co-founded with my brother Iliès Lakhal who is the CEO and CTO of the company."

​

​

​

2- What flash diagnosis have you performed with CyberSecura?

​

"We have carried out both types of flash diagnoses offered to start-ups, namely application cybersecurity and GDPR compliance flash diagnoses."

​

​

​

3- For what type of need did you call upon CyberSecura? What was the trigger?

 

"We were finalising a test phase with five potential future clients. Thus, launched in this co-construction dynamic, we needed to be able to anticipate all the problems linked to cybersecurity and data protection issues, but also to have recommendations for the future, in terms of cybersecurity and IT development, in order to know which tools are the most suitable, what to use and how, to develop this application.

 

So we needed to be able to anticipate these future problems that we might face the day our product is released on the market, so that we don't have to change tools, change code, so that we don't have to make all these development efforts again. These flash diagnostics finally allowed us to anticipate potential security flaws, potential vulnerabilities, and thus to initiate our application development while taking into account this aspect of cybersecurity and privacy 'by design'."

​

​

​

4- How did the diagnosis go?

​

• Duration: How would you describe the duration of the diagnosis?
  
  "1 hour is very good! It seems to me, in fact, that we didn't do the whole hour: the duration was good in our opinion." 

​

• The consultants: How would you describe the consultants you dealt with?
  
  "Very good, everything went very well. I would say that the consultants were competent, and we could easily feel their expertise in the field. Not having a technical background myself, some points were probably clearer to Iliès than to me, especially when we were talking about tools, development etc. So there was a lot of vocabulary to be used. So there was a lot of technical vocabulary that I don't really know about. That's why I think it's essential for the audience to have some technical knowledge, so that they can understand what is being said."

​

​

•  The diagnosis: How would you describe the diagnosis?
  
  "These diagnoses were very useful to us, and very structuring for the future. It allowed us to have more visibility on the next steps in our development and on the tools that we will or will not use. As for the GDPR flash diagnosis, it allowed us to consider the elements to be integrated, as well as the space of freedom that we wish to leave to the end user. All this feedback has enabled us to work on our application in this direction, and we would like to continue these efforts through longer-term support. To sum up, I would say that these diagnoses were very relevant, useful and concrete, and the exchange with the consultants was very open, which we greatly appreciated."

​

• The report: How would you describe the final report of these diagnoses?
  
  "We found the report to be very good: it contains the essentials, the pages are not too full of information, there are a few bullet points per page, with only the essential information that is useful for us. This report is a real support on which we can rely to justify the expenses that we could make tomorrow to meet these cybersecurity and data protection challenges."

​

​

​

5- How did this flash diagnosis benefit you? What did it do for you?

​

"I would talk about three aspects.

 

Firstly, internally: we know that we are providing an interesting tool, but this tool must not be intrusive in people's lives. This was the first point we wanted to discuss with the consultants during these diagnoses, for ethical reasons and to be transparent with our clients and users.

 

Users are the second point: it was necessary for us to be able to reassure our customers, the payers of this solution, about the security of their company data. This was a very important issue for us, because our customers attach great importance to these aspects of cyber security and data protection. When we explain that we have done cybersecurity and GDPR regulatory compliance diagnoses, it is very reassuring for them. Although we are not yet fully in action, we have taken this step to secure our product, which is very reassuring for our customers.

 

And finally, we needed to convince our investors, who also rightly attach enormous importance to these aspects of cybersecurity and data protection. These audits allow us to make our investors understand that our solution is secure, and correctly designed."

​

​

​

6- In your opinion, what were the strong points of this diagnosis?

​

"First of all, I would mention the technical team: you can feel that the expertise is sharp. We also greatly appreciated the kindness of the auditors. The exchanges were very constructive. Indeed, we have little visibility on certain aspects. For example, we were discussing cloud and data storage issues, when the consultants explained to us that some large French companies only agreed to outsource to service providers using French clouds. Not being in the field, we had no visibility on these elements, and yet these are aspects that could easily close doors for us.

 

I would therefore say that the strong points of this service were the relevance of the exchanges, as well as the benevolence and expertise of the consultants."

​

​

​

7- Conversely, in your opinion, what could have been improved during this performance? Did you miss anything? 

​

"Nothing was missing, only perhaps a diagnosis that was a little more adapted to developing companies like us, a more 'co-construction' diagnosis, with perhaps more purely 'informative' information and less 'audit', would have been more adapted. Indeed, some questions are not adapted to start-ups that are still developing and do not yet have a product. Which is our case: some of the questions in the diagnostic were not really adapted to our stage of development. However, we needed guidance and advice on these development issues rather than an audit. It could also be interesting to add an aspect of awareness-raising for managers, depending on the company's stage of development."

​

​

​

8- Would you recommend this type of cybersecurity and GDPR flash diagnoses to start-ups around you? For what reason(s)?

​

"Yes, we have already done it. We talk about it around us, for the relevance of the exchanges and for the expertise of the consultants.

We found these flash diagnoses very suitable for start-ups: first of all because cybersecurity and data protection are very current issues, and also because of the free aspect, which allows smaller companies like us to have 'a foot in the door' ".