
Corporate Social Responsibility: A regulated project

Corporate Social Responsibility (CSR) now extends well beyond environmental and social issues to cover security and cybersecurity as well. In this context, the Sapin II law and the ISO/IEC 27032 standard are two useful reference points for strengthening the compliance and resilience of organisations in the face of digital threats: one a legal obligation, the other voluntary guidance.

The Sapin law: transparency and the fight against corruption

Adopted in December 2016, the Sapin II law is mainly aimed at strengthening transparency and fighting corruption within French companies. In particular, its article 17 requires companies with at least 500 employees and a turnover of more than 100 million euros to implement an anti-corruption compliance programme, including a code of conduct, a risk map, third-party due diligence, internal accounting controls and an internal whistleblowing channel. Although the law is not a cybersecurity text, several of these measures have direct security implications: the whistleblowing channel must guarantee the confidentiality of the whistleblower's identity and of the information reported, and the accounting controls are meant to detect fraud, which in practice requires protecting sensitive data and controlling access to it. In this way the law contributes to a more comprehensive CSR approach.

ISO/IEC 27032: A standard dedicated to cybersecurity

ISO/IEC 27032, on the other hand, provides guidance on security in cyberspace (first published in 2012 as "Guidelines for cybersecurity" and revised in 2023 as "Guidelines for Internet security"). It is a guidance document rather than a certifiable standard: it complements an information security management system built on ISO/IEC 27001 by addressing risks that do not stop at the boundary of a single organisation, such as collaboration and information sharing between stakeholders and the coordinated handling of incidents. The standard helps companies identify and manage cyber risks, thereby ensuring greater resilience in the face of growing digital threats.

Combining legal compliance and CSR performance

By combining the legal requirements of the Sapin II law with the good practices of ISO/IEC 27032, companies can both meet their legal obligations and strengthen their CSR approach. By adopting a proactive stance on cybersecurity, they protect their own data and, at the same time, contribute to a more secure digital environment that benefits society as a whole.


Image source: kaitlyn-baker – Unsplash
