Our consulting activities are extremely varied. They may concern the implementation of a security management policy, an expert mission on electronic signatures, electronic voting issues, risk analysis missions, drafting of specifications (cybersecurity annexes), etc.

Consultancy & Expertise

Our OPPIDA consultants also provide project management assistance on a number of complex projects:

  • Security architecture studies
  • The creation of security files integrating the functional and technical specifications relating to cyber security for a system to be designed or already in production
  • Assistance in the development of cybersecurity requirements for a specification, and then in the analysis of the requirements
  • Assistance with the integration and validation of ISS devices

Risk analysis


Risk analyses are generally conducted according to the EBIOS® method, in its latest Risk Manager version, recommended by the ANSSI.


Depending on our clients' expectations, other methods may also be used:

  • Mehari
  • Proprietary method
  • Risk analysis methods based on the ISO 27000 family of standards

 Assistance with the approval of systems


We intervene, at various stages, with state and industrial partners for assistance with the approval of systems or interconnections, both in a national and international context (NATO, EU):

  • Formalisation of security requirements through EBIOS studies in the context of drafting a FEROS (Fiche d'Expression Rationnelle des Objectifs de Sécurité) or a SSRS (System-specific Security Requirement Statement)
  • Assistance at various stages of the design process (response to calls for tender for detailed design)
  • Preparation of approval files according to the chosen approach and the ad hoc reference system: SH, PDS, PES (secOps), PDT, FSSR...; SISRS (interconnections), SecOps...
  • Drafting of summary notes and presentation to the approval authorities

 Information security management


Oppida's objective, through a structured approach to information security management, is to enable its clients to achieve the right level of security, on the right information and systems, at the right time and at the right cost.


To this end, OPPIDA performs ISMS audits (ISO 27001), PASSI LPM qualified audits or customised audits.



Oppida is an approved training organisation (Declaration of activity registered under number 11 78 80 769 78 with the Ile de France regional prefect).

We believe that effective training must be adapted to the needs, objectives, vocabulary and profession of the organisation and its staff. This is why we carry out "tailor-made" training, on our clients' premises and on real projects, in order to be as close as possible to the trainees' field problems.


Oppida's interventions cover 2 aspects

  • Training

Although our catalogue is constantly evolving, we currently offer training in security management, Common Criteria, defence regulations, IS practices and standards (EBIOS, 27000 family standards, PCI-DSS, etc.), network security, attack techniques, specific technologies implementing security mechanisms, etc.


  • Raising awareness of IT risks

This training is aimed at all actors within an organisation:

  • Decision-makers with information sessions on the impact of new threats and the legal responsibilities for the company
  • Users of the information system: information on the reality of the risks, the duties of each person to protect the company. In addition, we carry out demonstrations of attacks during a session


choose Oppida?


A "tailor-made" offer

Expertise, assessment and consulting services to manage your digital risks.

A trusted third party

The approvals and accreditations obtained are all guarantees that help to ensure the absence of external pressure and the confidentiality of the work carried out.

Recognised expertise

Oppida is PASSI LPM qualified "information systems security audit providers qualified for national security purposes".