Turnkey Consulting | Key View

Traceability in the French Nuclear Industry on SAP: Compliance and Cybersecurity

Written by Loïc Jean-Fulcrand | 16 February 2024

The French nuclear industry is subject to strict standards and regulations regarding traceability to ensure the safety and reliability of its activities. ISO 19443 and the French Cyber Maturity Framework are authoritative in this area. 

Many industrial players have chosen SAP software to organize their processes. 


What is ISO 19443? 

ISO 19443 is an international standard that aims to define quality management system requirements for organizations operating in the nuclear sector. More specifically, this standard seeks to enhance the quality, safety, and reliability of nuclear industry-related activities by establishing a robust quality management framework. 

ISO 19443 applies to organizations involved in various aspects of the nuclear industry, such as design, manufacturing, construction, operation, maintenance, and decommissioning of nuclear facilities. The main objectives of this standard include: 

  • Ensuring nuclear safety: ISO 19443 aims to ensure that organizations adhere to the highest safety standards to minimize risks associated with nuclear energy. 
  • Improving product and service quality: The standard promotes the adoption of quality management processes to ensure that products and services provided in the nuclear field meet the strictest quality standards. 
  • Promoting regulatory compliance: ISO 19443 helps organizations comply with applicable national and international regulations and standards in the nuclear industry. 
  • Encouraging continuous improvement: The standard urges organizations to implement continuous improvement mechanisms for their processes and quality management systems to ensure consistently high performance. 
  • Strengthening the quality and safety culture: ISO 19443 fosters the creation of an organizational culture focused on quality, safety, and accountability by involving all personnel in the improvement process. 

ISO 19443 aims to establish a rigorous quality management framework for the nuclear industry, focusing on safety, quality, regulatory compliance, and continuous improvement. It seeks to ensure that organizations operating in this sector do so responsibly and reliably to minimize the risks associated with nuclear energy. 

This standard applies to major contractors and cascades down to all subsequent tiers of suppliers. 


But then, what is the Cyber Maturity Framework? 

The main goal of the Cyber Maturity Framework is to enhance the cybersecurity of organizations by assessing their readiness and maturity level in facing cyber threats and risks. It is a reference framework that enables organizations to measure their ability to protect against cyber-attacks and manage cybercrime-related risks. The main objectives of the Cyber Maturity Framework include: 

  • Assessing Cyber Maturity: The framework enables organizations to perform an assessment of their cybersecurity maturity. It allows them to understand where they stand in their ability to detect, prevent, and respond to cyber threats. 
  • Identifying Weaknesses: Using the framework, organizations can identify their cybersecurity gaps and weaknesses. This includes pinpointing potential vulnerabilities and weak points in their security systems and practices. 
  • Establishing Improvement Plans: Once weaknesses are identified, organizations can develop specific improvement plans to strengthen their cybersecurity. The framework helps prioritize the necessary actions to achieve a higher maturity level. 
  • Strengthening Cybersecurity Governance: The framework promotes the establishment of strong cybersecurity governance within organizations. It defines clear responsibilities and encourages security awareness at all levels. 
  • Adapting to Emerging Threats: Cybersecurity is an ever-evolving field. The framework assists organizations in adapting to emerging cyber threats by implementing appropriate monitoring and response mechanisms. 
  • Facilitating Regulatory Compliance: For many companies, compliance with cybersecurity regulations is mandatory. The Cyber Maturity Framework can help demonstrate compliance to regulatory authorities. 

The framework (RMC, by its French acronym) contributes effectively to the chain of trust between stakeholders, gives good visibility into the maturity of organizations, and is less burdensome than ISO 27001. Furthermore, because the framework is French, organizations do not need to submit their information systems to audits conducted by foreign companies, which limits the risk of interference or industrial espionage and supports the goal of industrial sovereignty. 


How to Break Down Barriers Between Your SAP & Security Teams? 

Securing the information system means securing SAP when SAP sits at the heart of business processes. Turnkey Consulting celebrates 20 years of expertise in SAP security. 

Whether or not you are pursuing ISO 27001 certification, you have likely implemented (or begun to implement) a SIEM. This software, which centralizes your security logs and alerts, is initially blind to what is happening inside SAP. 

We have identified several solutions that select significant security incidents from SAP and escalate them to your SIEM. Your cyber teams, who may not have SAP skills, can thus still receive and handle incidents originating from your ERP. 

Not sure where to start? 

We help you evaluate your cyber maturity through a detailed technical audit of your SAP landscape: identifying vulnerabilities in your installed modules, gaps in protection, and overrides and backdoors in your ABAP programs, and, where necessary, implementing a robust and efficient authorization management process so that you retain control over the confidentiality, integrity, and availability of your data.