Already ISO 27001 certified, STIR, the Tunisian Refining Industries Company called on AFNOR Tunisia to optimize its information systems management through use of a key tool: Progys. Feedback from Mourad Oueridiane, Central Governance Director, and Borhane Dridi, Information Systems Manager.
You chose to adopt a management solution for your information systems. What were the reasons?
STIR is an organization with 600 employees which plays a strategic role in the Tunisian economy. It serves 50% of the national market for petroleum product refining operations. In 2017 when we obtained ISO 27001 certification for our information security management system, an observation emerged: the volume of documented information accumulated over three years, on paper and on various digital media, required control by management software integrated into the ISMS. In the period leading up to our renewal audit, in October 2020, we opted for the Progys solution.
What is the added value of Progys?
Progys provides an overall vision of the information management system and enables controlled and effective management. And this facilitates decision making. Its interface is presented in the form of several modules. The first is a document management module. It gives a centralized overview of all the required documents. The audit management module displays the audit schedule and results which can be correlated with the relevant corrective actions and management of legal and regulatory compliances and non-compliances. The solution provides an appropriate methodological framework for constructing continuity plans based on identified key risk scenarios. Risk management is of course one of the fundamental elements of management systems in general, and more especially as regards information systems management. Progys enables dynamic identification of assets and related risks and introduces the concept of “unmanaged risks”.
Is the tool also used during the renewal audit?
Yes, Progys has proved very useful for facilitating our communication with auditors and with the IS department teams, since it’s a database that we all share. At STIR, 200 of us have access to the interface! The tool has enabled us to quickly edit multi-criteria reports in order to answer auditors’ questions.
Is the tool easy to use? Yes, the interface is user-friendly, ergonomic and simple to operate. AFNOR IT Engineering, a subsidiary of AFNOR Tunisia, provided support to help us learn about the main features. Information in a centralized database, automatic document editing, risk assessment effectively integrated with the continuity plan – all of this has resulted in immense time-saving and efficiency benefits.