Integrated Risk Management
Through the application of technology and automation, we'll help you manage your risks efficiently and effectively across the entire enterprise.
Identity and Access Management
We'll help you ensure everybody within your organisation has access to the right systems and data, for the right reasons, and at the right time.
Cyber & Application Security
Our experts will uncover security weaknesses within your security design and business-critical applications. Helping you protect your organisation from both internal and external threats.
Bedrock Managed Service
Scalable support and on-demand expertise that seamlessly integrates with your existing operations.
About us
A group of passionate individuals with a shared purpose to help the world's leading companies embrace best practices for GRC and risk management.
Partners
Turnkey's strategic partner network consists of selected organisations that complement our capabilities.
Corporate Social ResponsibilityCSR
We are committed to being agents for change through our Climate Action Plan, championing diversity in our workplaces, and more.
Get in touch
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
Careers
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
Webinars & eBooks
All of Turnkey's webinars, guides and other insights available in one place.
Blogs
Read the latest insights from our experts on GRC and risk management, covering the latest industry topics.
Press Coverage
See all the publications where Turnkey, our experts and our successes have been noted.
Key events
See the key industry conferences on GRC, SAP security and risk management which we are attending.
Case Studies
Client satisfaction is of the utmost importance to us, and we strive to constantly deliver above expectations, going the extra mile at every opportunity.
16 February 2024

Traceability in the French Nuclear Industry on SAP: Compliance and Cybersecurity

The French nuclear industry is subject to strict standards and regulations regarding traceability to ensure the safety and reliability of its activities. ISO 19443 and the French Cyber Maturity Framework are authoritative in this area. 

Many industrial players have chosen SAP software to organize their processes. 

 

What is ISO 19443? 

ISO 19443 is an international standard that aims to define quality management system requirements for organizations operating in the nuclear sector. More specifically, this standard seeks to enhance the quality, safety, and reliability of nuclear industry-related activities by establishing a robust quality management framework. 

ISO 19443 applies to organizations involved in various aspects of the nuclear industry, such as design, manufacturing, construction, operation, maintenance, and decommissioning of nuclear facilities. The main objectives of this standard include: 

  • Ensuring nuclear safety: ISO 19443 aims to ensure that organizations adhere to the highest safety standards to minimize risks associated with nuclear energy. 
  • Improving product and service quality: The standard promotes the adoption of quality management processes to ensure that products and services provided in the nuclear field meet the strictest quality standards. 
  • Promoting regulatory compliance: ISO 19443 helps organizations comply with applicable national and international regulations and standards in the nuclear industry. 
  • Encouraging continuous improvement: The standard urges organizations to implement continuous improvement mechanisms for their processes and quality management systems to ensure consistently high performance. 
  • Strengthening the quality and safety culture: ISO 19443 fosters the creation of an organizational culture focused on quality, safety, and accountability by involving all personnel in the improvement process. 

ISO 19443 aims to establish a rigorous quality management framework for the nuclear industry, focusing on safety, quality, regulatory compliance, and continuous improvement. It seeks to ensure that organizations operating in this sector do so responsibly and reliably to minimize the risks associated with nuclear energy. 

This standard applies to major contractors and cascades down to all subsequent tiers of suppliers. 

 

But then, what is the Cyber Maturity Framework? 

The main goal of the Cyber Maturity Framework is to enhance the cybersecurity of organizations by assessing their readiness and maturity level in facing cyber threats and risks. It is a reference framework that enables organizations to measure their ability to protect against cyber-attacks and manage cybercrime-related risks. Its main objectives of the Cyber Maturity Framework include: 

  • Assessing Cyber Maturity: The framework enables organizations to perform an assessment of their cybersecurity maturity. It allows them to understand where they stand in their ability to detect, prevent, and respond to cyber threats. 
  • Identifying Weaknesses: Using the framework, organizations can identify their cybersecurity gaps and weaknesses. This includes pinpointing potential vulnerabilities and weak points in their security systems and practices. 
  • Establishing Improvement Plans: Once weaknesses are identified, organizations can develop specific improvement plans to strengthen their cybersecurity. The framework helps prioritize the necessary actions to achieve a higher maturity level. 
  • Strengthening Cybersecurity Governance: The framework promotes the establishment of strong cybersecurity governance within organizations. It defines clear responsibilities and encourages security awareness at all levels. 
  • Adapting to Emerging Threats: Cybersecurity is an ever-evolving field. The framework assists organizations in adapting to emerging cyber threats by implementing appropriate monitoring and response mechanisms. 
  • Facilitating Regulatory Compliance: For many companies, compliance with cybersecurity regulations is mandatory. The Cyber Maturity Framework can help demonstrate compliance to regulatory authorities. 

The RMC effectively contributes to the trust chain between stakeholders, providing good visibility on the maturity of organizations and is not as burdensome as ISO 27001. Furthermore, being French, organizations do not need to submit their information systems to audits conducted by foreign companies, which limits the risks of interference or industrial espionage and contributes to the goals of industrial sovereignty. 

 

How to Break Down Barriers Between Your SAP & Security Teams? 

Information system security involves securing SAP if it is at the heart of business processes. Turnkey Consulting celebrates 20 years of expertise in SAP security. 

Whether or not you are pursuing ISO 27001 certification, you have likely implemented (or begun to implement) a SIEM. This software, which centralizes your security alert logs, is initially blind regarding what is happening within SAP. 

We have identified several solutions that allow for the selection of significant security incidents from SAP and their escalation to your SIEM. Thus, your cyber teams—who may not necessarily have SAP skills—can still receive and handle incidents originating from your ERP. 

Not sure where to start? 

We assist in evaluating your cyber maturity by conducting a detailed technical audit of your SAP landscape, identifying vulnerabilities in your installed modules, protection deficiencies, overrides, and backdoors in your ABAP programs, and if necessary, implementing a robust and efficient authorization management process to maintain control over the confidentiality, integrity, and availability of your data.