Case Study: Cegedim achieves robust vulnerability management and regulatory compliance with Qualys Cloud Platform

Cegedim Tackles Vulnerability Management and Compliance

Cegedim is a global technology and services group (8,000 employees in 80+ countries) that hosts sensitive healthcare and client data across private clouds and three data centers. Facing a perimeter of more than 2,000 public IPs and strict regulatory requirements (ISAE 3402/SSAE 16 and French health‑data hosting approval), the company needed a rigorous, auditable vulnerability‑management process to ensure data confidentiality and compliance.

Cegedim deployed the Qualys Cloud Platform to run automated, continuous internal and external scans (using internal appliances where needed) and weekly reporting. The solution cut analysis time to under 30 minutes, accelerated remediation prioritization, reduced compliance effort, and improved proactive risk detection—helping Cegedim shrink its window of vulnerability, demonstrate compliance to auditors and clients, and maintain its approved health‑data hosting status.

Cegedim

Romain Vergniol

Head of Information Security