isotopic.fr

What It Is

Isotopic is a France-based cybersecurity consulting provider serving PME and ETI companies—that is, small, medium-sized, and mid-market businesses. Its focus is on “shared RSSI/DSI” services, governance, compliance, risk management, and crisis exercises. The website clearly emphasizes that SMEs are frequent attack targets but often lack resources and specialist expertise, so its value lies not in selling a single security tool, but in helping companies build an actionable cybersecurity management framework.

Core Capabilities and Protection Scope

In terms of protection type, Isotopic is more of a management and consulting-led security service. It covers compliance work such as ISO 27001, NIS2, RGPD, homologation, as well as audit preparation, drafting policies and security charters, risk identification, impact analysis, response planning, security awareness training, and cyber crisis exercises. Its methodology mentions EBIOS RM and also recognizes risk analysis approaches such as ISO27005, Mehari, and FAIR. Delivery is closer to an expert consulting engagement: assessing maturity, defining a roadmap, preparing documentation, supporting implementation, and managing change, rather than providing a SaaS or on-premise technical product.

Pricing and Delivery

The main public pricing is for “Formule R³”: a 3-day engagement to assess cybersecurity maturity, identify risks and business impacts, and propose an action plan to reduce risk, priced at 3000 euros. This is a clear entry-level price for SMEs that want to kick-start security governance quickly, lowering the barrier to procurement decisions. However, pricing for other services such as long-term RSSI support, compliance remediation, training, and crisis exercises is not disclosed and requires direct consultation.

Pros and Cons

Its strengths are clear positioning and a service design tailored to the needs of PME/ETI companies in the French and EU regulatory context. The founder’s background includes ex-ANSSI, CISSP, and ISO27001 LI credentials, which adds professional credibility. The service chain covers diagnosis, roadmap planning, documentation, and exercises, making it suitable for companies without a mature in-house security team. The limitations are that the website does not show customer cases, citing security confidentiality; and there is no visible SOC, EDR, vulnerability scanning, SIEM integration, or real-time alerting capability, so it should not be regarded as a technical monitoring platform.

Who It Is For and Access from China

It is suitable for SMEs operating in France or the EU that need preparation for NIS2, RGPD, or ISO 27001 compliance, as well as organizations that need temporary or shared RSSI/DSI support. Access from China, payment methods, and Chinese-language support are not disclosed, so these are considered unknown. If a company mainly operates in China, it may be better to first compare local compliance and security service providers such as DBAPPSecurity, NSFOCUS, Venustech, and Qi An Xin.