ElevenPaths Acquires GesConsultor

ElevenPaths, innovative security solutions specialist for Telefónica, has acquired technology from GesConsultor the leading Governance, Risk & Compliance (GRC) platform in Spain, including its Gesdatos privacy module. This platform manages the legal requirements for safety and risk management of an organisation, in a unified and efficient way, integrating and orchestrating its key processes around three strategic areas: Corporate Governance, Risk Management and Regulatory Compliance.

With the integration of GesConsultor, ElevenPaths enriches its portfolio of Managed Security services to provide a GRC solution using its own technology, which will have a high growth potential and which it previously covered using third party solutions. To this end, the company has incorporated the solution development team into its workforce.

This solution will be sold as part of Telefónica’s security services offer through all local operators, and via its Premium Distributor, GOVERTIS (the newly rebranded founding company behind the GesConsultor platform), along with other specialised services as the solution rolls out, in full compliance with international standards and best practice.

There are currently more than 10,000 organisations which are managed via the Regulatory Compliance platform, and more than 180 associate partners using the solution. It has been widely implemented in Spain and is now expanding into Latin America. The solution helps organisations in the public and private sectors, which are currently facing enormous challenges, in the running of their production and support processes. They must ensure their safety, properly manage risk, comply with internal policies and obligations imposed on them by legislators, regulators and customers, and direct the whole organisation to meet the objectives set.

This requires the use of tools which will enable them to manage these needs, and requires professional experts who will use these tools in a way as to transform the organisation. The solution provides the following high-level functions:

• Enterprise Architecture Modelling, offering a true representation of the organisation, providing the level of detail required for Risk Management and Regulatory Compliance, and to specify organisational structures, information systems and the infrastructure required to operate them, for services and business processes.
• Centralisation of Information on Regulatory Compliance, in order to manage the governing measures arising from multiple requirements of the legislative (Organic Law on Data Protection, the Spanish Security Guidelines, the Spanish Interoperability Guidelines, Critical Infrastructure, etc.), international standards (ISO 27001, ISO 27002, ISO 20000, ISO 22301, PCI-DSS, etc.), and industry regulatory frameworks or the organisation’s own.

• Risk Management, incorporating a risk processing engine based on ISO 31000 with full support for frameworks such as ISO 27005, NIST SP 800-30 or COBIT 5 for Risk.  In addition, it has a specific module for the MAGERIT methodology, aligned with National Security Guidelines and Critical Infrastructure legislation based on the PILAR application.