Protecting your data against cyberattacks

 Labgroup guarantees its clients protection from any ransomware attack due to highest security standards.

The current events of ransomware attacks hit over 300 000 computers around the world infiltrating banks, hospitals and government institutions.
Labgroup is pleased to inform its clients that no incident of a cyberattack or ransomware attack has been registered/reported. No client of Labgroup, using cloud computing (only for managed services), content & records management or data protection services, has been affected by these recent incidents.

Labgroup constantly improves its security measures while investing in high malware prevention solutions. As a trusted service provider PSDC (Provider of Digitisation and Conservation Services), as well as being ISO 27001:2013 certified, Labgroup complies with highest regulations and international standards in order to offer its clients the most secure service. The result, a complete protection against malicious software! The information lifecycle management company is proud to confirm that to this day, Labgroup has not been infiltrated or affected by a cyberattack.

What is ransomware?

The ransomware is distributed by emails, infecting the computer of the recipient. The software encrypts all files and a ransom is asked to be paid. The ransomware further attempts to infect other machines on the same network. In the specific case of ransomware Wannacry, the infection spreads without any user interaction, using a Windows vulnerability on a commonly used network protocol. 
Ransomware can:

  • Prevent you from accessing your data.
  • Encrypt files so you can’t use them.
  • Stop certain apps from running (like your web browser).

Why is malware so effective?

Most of us have already experienced a typical spam mail in our email account, containing an attached file (with a non-common extension) or URL link, suspicious at first sight.
New cyberattacks are more sophisticated, working with .pdf extensions and even files containing just a part of the malicious software code to deviate antispam/virus software.
Rather than sending the code within one file, which is (often) automatically detected by a standard antivirus/spam system, the malicious software code is sent in parts, integrated into non-suspicious, for instance, .jpeg or .pdf files and non-detectable by standard antivirus software.

If opened, the part of the code is silently installed on your computer, waiting for the other pieces of the malware puzzle to be integrated. Once all pieces of the puzzle are installed, they merge into one single code, infecting the computer of the victim.

How does Labgroup ensure a complete protection to its clients?

In order to guarantee a complete protection against cyberattacks, Labgroup implemented different solutions and follows strict security processes on several levels.
Firstly, the incoming emails and files run through a quick but effective Antispam/Antivirus filter allowing the system to remove the standard spam emails/malicious files. 
Secondly, Labgroup is collaborating with the company ODI Security systems by using ODIX CDR (Content Disarm & Reconstruction) that prevents the insertion of malware, ransomware and malicious activities. Contrary to other security systems, ODIX CDR considers all incoming files and emails as malicious, processing all incoming files, removing the elements that do not match the files type’s standards or set policies, then rebuilds the files into clean versions. Even the malware puzzle system can’t trick the ODIX algorithms, guaranteeing all our clients the highest protection available on the market.
Labgroup constantly invests in its security systems, so it seemed only natural to work with this pioneer in the field of malware prevention by integrating ODI Share and ODI Mail into its protection system. ODI offers a next generation threat neutralisation and removal process based on advanced heuristics and mathematical algorithms, originally developed for the military and specially created to protect companies, like Labgroup, against malware. Besides this, Labgroup implemented the fourth generation of firewalls, follows the recommended standard security measures for cybersecurity and conforms to the market security rules. and Security made in Luxembourg highly recommend functional backups to restore your files easily.

Protect all your business information with Labgroup. We guarantee protection, data recovery and business continuity with our backuponline services.

Backup is done incrementally and automatically to ensure minimal network resources while also safeguarding user productivity. In the case of a cyberattack, your data can be restored safely using our IT Recovery service. 
For further information,  download the brochure here.

What should I do when managing devices by myself? Click here. 

We invite our VPS clients to follow the recommendations of Computer Incident Response Centre Luxembourg (CIRCL) or to contact our Service Desk by sending an email to

Labgroup – first Provider of Digitisation and Conservation Services to the Financial Sector

We are proud to inform you that Lab Luxembourg S.A. (Labgroup) officially received on the 27th April 2017 the ministerial authorisation to exercise the activities as a Provider of Digitisation and Conservation Services to the Financial Sector. (view PDF)


Labgroup is a Support PFS – a subcontractor of operational functions on behalf of other financial professionals – since 2004 under the amended law of the 5th April 1993 on the financial sector:

  • Article 29-1. Client communication agents
  • Article 29-3. Primary IT systems operators of the financial sector
  • Article 29-4. Secondary IT systems and communication networks operators of the financial sector

After obtaining the PSDC-DC status (Provider of Digitisation and Conservation Services), first February 2017, Labgroup is again the first company in Luxembourg acquiring the authorisation:

  • Article 29-5. Dematerialisation service providers
  • Article 29-6. Conservation service providers

Thanks to Labgroup, companies of the sector can now benefit from a presumption of conformity of their electronic copies of paper documents.

Labgroup – premier Prestataire de Services de Dématérialisation et de Conservation du Secteur Financier

Nous sommes fiers de vous informer que la société Lab Luxembourg S.A. (Labgroup) a officiellement reçu en date du 27 avril 2017 l’autorisation ministérielle d’exercer les activités de Prestataire de Services de Dématérialisation et de Conservation du Secteur Financier (voir PDF).


Labgroup est un PSF de support – c’est-à-dire un sous-traitant de fonctions opérationnelles pour compte de professionnels financiers proprement dits depuis 2004, au titre de la loi modifiée du 05 avril 1993 relative au secteur financier :

  • Article 29-1. Les agents de communication à la clientèle – ACC
  • Article 29-3. Les opérateurs de systèmes informatiques primaires du secteur financier – OSIP
  • Article 29-4. Les opérateurs de systèmes informatiques secondaires et de réseaux de communication du secteur financier – OSIS

Suite à l’obtention du statut de PSDC-DC (Prestataire de Services de Dématérialisation et de Conservation) le 1er février 2017, Labgroup est de nouveau la première société au Luxembourg à obtenir l’autorisation :

  • Article 29-5 . Les prestataires de services de dématérialisation du secteur financier
  • Article 29-6. Les prestataires de services de conservation du secteur financier.

Grâce à Labgroup, les entreprises du secteur peuvent désormais bénéficier de la présomption de conformité des copies électroniques de documents.

Looking for a a document management solution? Discover LuxDoc, the simplest document management solution!

Looking for a document management solution? Discover LuxDoc, the simplest document management solution!

Electronic document management has never been easier! The LuxDoc solution allows you to scan documents on your multifunctional device and securely host the electronic version with Labgroup. The LuxDoc software ensures easy and efficient electronic document management.

February 16 – Global Information Governance Day 2017



Today is the Global Information Governance Day! #GIGD occurs on the third Thursday in February and was established to raise the awareness of information governance.


IG is the activities and technologies that organisations employ to maximise the value of their information while minimising associated risks and costs.

IG is a holistic approach to managing corporate information by implementing processes, roles, controls and metrics that treat information as a valuable business asset:

  • to make information assets available to those who need it
  • to provide employees with data they can trust and easily access while making business decisions
  • to reduce the legal risks associated with unmanaged or inconsistently managed information

The information governance, after a preliminary analysis, results in a classification of different value levels of your information. The outcome of this classification is the identification of your information with engaging/probative/legal value. (for instance business contracts, policies…)

Breaking news on information governance in Europe – Trusted service provider for legal documents Labgroup first PSDC to be certified – #Archiving2.0

Since three millennia, the archiving of the writings is inseparable from its paper support. However, technological advances make it possible to perform native electronic records and to dematerialise paper documents.

The European regulation eIDAS (Electronic Identification and Trust Services) 910/2014, which has been fully implemented since the 1st of July 2016, has clearly demonstrated the willingness of member states to consider these technological advances and democratise digitisation by:

  • enhancing the security of electronic exchanges;
  • recognizing the universal value of the electronic signature;
  • granting the legal value to a digital document.

In Luxembourg the legal framework anticipates and supports this democratisation of the digitisation. The law of 25th of July 2015 on electronic archiving recognises the probative value of electronic copies of paper documents produced by a PSDC (Provider of Digitisation and Conservation Services) certified company to respect all the conditions of strict fidelity to the original and, moreover, presumption of conformity with the original.

As being the first company which is certified PSDC-DC in Luxembourg, Labgroup is certified as:

  • Provider of Digitisation Services, in other words Labgroup is empowered to create legal electronic copies of paper documents;
  • Provider of Conservation Services, which guarantees the integrity, confidentiality and persistence of electronic archives throughout their retention period.

What is the value of the PSDC status abroad? While Luxembourg has been a precursor with this new law, other countries have also embarked on the path of digital transformation by introducing an attractive legal regime for electronic archiving. However, no other country engages the state through the certification of service providers, such as the PSDC status in Luxembourg.

By archiving in Luxembourg, companies in Belgium or France could therefore both exploit their national legislation and benefit from the guarantees offered by the PSDC status.

Do you want to learn more about information governance or electronic archiving?

Do you need further information on legal electronic archiving, project or risk management to efficiently implement your digital transformation project? We offer dedicated and tailored intra-company trainings to help you implementing your electronic archiving project!

Contact us now for further information by sending a mail to

Subject 2016 – Issues retrieving your documents

Subject 2015 – Benefits of information governance

Attachment: Consulter l’article en Français

CNPD: vidéos animées sur le futur règlement européen en matière de protection des données

Dans le cadre de la Journée de la protection des données, qui a eu lieu le 28 janvier 2017, la Commission Nationale pour la Protection des Données (CNPD) a publié trois vidéos animées sur le futur règlement européen en matière de protection des données.

Le 28 janvier était la « Journée de la protection des données ». Le but de cette journée est de sensibiliser les citoyens sur l’importance de la protection de leurs données personnelles et du respect de leurs libertés et droits fondamentaux, en particulier de leur vie privée. C’est la date de l’ouverture à la signature de la « Convention 108 » du Conseil de l’Europe (28 janvier 1981). Cette dernière a été le premier instrument international juridiquement contraignant en la matière. Depuis plus de 35 ans, la convention vise à protéger toute personne contre l’utilisation abusive des données qui la concernent et à assurer la transparence quant aux fichiers et traitements des données personnelles.

Tenir compte de la globalisation et de l’émergence de nouvelles technologies, qui ont repoussé les limites traditionnelles qui modéraient la disponibilité de données sur notre personnalité, notre entourage et nos habitudes de vie,  un nouveau règlement général sur la protection des données a été établi et sera, à partir du 25 mai 2018, applicable à tous les acteurs intervenant sur le territoire de l’Union européenne. Les nouvelles règles consistent à donner aux citoyens plus de contrôle sur leurs données personnelles, à responsabiliser davantage les entreprises tout en réduisant leurs charges déclaratives et à renforcer le rôle des autorités de protection des données tel que la CNPD.

Veuillez découvrir les vidéos sur le site de la CNPD:

@Copyright CNPD 2017

Integrated Management System – Interview – Overview on the current challenges organisations are facing in respect of compliance and audit

The Integrated Management System challenges

The issues that companies face at the moment in terms of compliance are particularly linked to the omnipresence of regulation on the Luxembourgish market.

This has raised a demand for integrated management systems (IMS), to be used as a central/unique repository for all reference documents required for implementation, audit and certification against regulations, standards or best practices. Labgroup has been a precursor on this track, having already put in place a comprehensive IMS that has proved its value on the occasion of the audit for the ISO 27001[1] certification on February 2014. Further, early this year, the company succeeded in the renewing of both the ISO 9001[2] and the ISO 27001 certifications, as a result of a single audit process. And, last but not least, Labgroup’s IMS is being fed for the purpose of the next audit to be performed, in order for Labgroup to become the first company to be PSDC certified.

Operating in a highly regulated market is very demanding and it is key to success for enterprises to switch their perspective on these regulations from a hindrance to an opportunity for improvement.


(from right to left) Sébastien Pineau, Lead Partnership Officer, LIST, Bernard Moreau, CEO, Labgroup, Pierre Dewez, CEO, PECB Europe. @Hôtel Royal #Elephantparade – save the elephants initiative

This has been the cornerstone of Labgroup’s certification strategy, involving both management and staff, as it is extremely important that everyone, as part of the organisation, is involved from a to z. To successfully achieve this, it is essential to innovate with organisations such as LIST, who are dedicated to help enterprises meet all these compliance requirements.

In fact, List designed a set of processes to target different certifications and develops tools, allowing to achieve compliance with different regulations. Currently, the institute launched a comprehensive risk management process for two types of risk: operational and information security risks.

Video - Integrated Management System

Interview – Integrated Management System – LIST – PECB – LABGROUP – Watch the video now!

The certification challenge

In a market that is increasingly moving towards deploying and operating integrated management systems, it does no longer make sense to audit and certify each norm individually.

This is the reason why for Labgroup, it was very important to find a certification body capable of auditing and certifying integrated management systems, not only  ISO standards but also compliance with standards, such as PSDC.

The main difficulty to achieve this is the lack of auditors with a strong background in all the relevant fields, who are able to understand the complexity and challenges of these management systems, and all the processes and tools within.

PECB Europe, the first Luxemburgish certification body, is able to provide an answer to all of these compliance milestones in one single audit.

The key factor in achieving this is understanding how to accompany the certification and auditing process whilst leveraging what is really important for enterprises, always focusing on decreasing the footprint and noise that an audit could cause in an organisation.

Becoming the first PSDC certified company in the market, strongly increases the demands and exigencies of an integrated management system, setting a new benchmark for compliance.

This is the reason why it is more and more important that organisations such as LIST, are able to provide innovative tools to better integrate regulation, with the target of being able in the future to integrate the regulators and the regulation, making compliance more easily accessible and efficient for the whole ecosystem in Luxemburg, as well as contributing to the Luxemburgish trusted data hub.

PSDC – The new certification scheme on Dematerialisation and Archiving Services, based on the Luxemburgish law on electronic archiving (25 of July 2015).

What is PSDC?

PSDC is a standard developed to meet the requirements of the Luxembourgish law on electronic archiving (25 of July of 2015), by which an organisation providing dematerialisation and archiving services, can become certified against PSDC technical rules and requirements.

Being a PSDC certified organisation means that all documents processed by the certified organisation have the same probative value as the original. This, in turn, implies that these documents are valid in a tribunal or court, having the same value as the analogic originals (paper-based).


Lab Luxembourg S.A.

Marketing Department

2, rue Edmond Reuter

L-5326 Contern


T +352 350 222 999

F +352 350 222 350



Download press pack:






Communiqué de presse – Labgroup

Press release – Labgroup

[1] ISO 27001 “specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.”, Definition, International Organization of Standardization, 2016, available online: .

[2] ISO 9001 “specifies requirements for a quality management system when an organization:

  1. a) needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, and
  2. b) aims to enhance customer satisfaction through the effective application of the system, including processes for improvement of the system and the assurance of conformity to customer and applicable statutory and regulatory requirements.

All the requirements of ISO 9001 are generic and are intended to be applicable to any organization, regardless of its type or size, or the products and services it provides.”Definition, International Organization of Standardization, 2016, available online: .

Journée Internationale des Archives / International Archives Day

Aujourd’hui c’est la journée internationale des Archives !

Une occasion de remercier ceux qui facilitent nos recherches et échanges d’information….

 An opportunity to thank the ones that ease our researches and information exchanges… Today is the International Archives Day! 

Cette journée internationale place les archives au centre de l’attention en démontrant qu’une bonne organisation de la circulation des archives pendant leur cycle de vie est importante.

This international day puts the focus on the archives by highlighting that well-established organisation of the archive(s) flow during their whole lifecycle is important


Les archives sont des documents de différents types, de différents supports et de différentes périodes qui découlent de l’activité des organisations. Outil de bonne gestion et de gouvernance, elles sont conservées comme preuve ou témoignage du passé. Elles fournissent à la fois des preuves, des explications et des justifications aux actions et aux décisions passées et constituent des bases pour celles du futur.

L’optimisation de l’utilisation et la conservation de vos archives permettent d’améliorer votre efficacité et de rester « compliant » à tous les niveaux de votre activité quotidienne. Perçues comme un challenge pour les organisations, les archives représentent une plus-value.

Archives are documents of different types, age or support that are produced by an organization as part of an activity. Defined as being a management and governance tool for businesses, archives are witnesses of past events. They provide evidence, explanation and justification both for past actions and current decisions.
The optimization of the day to day use as well as the retention schedule of your archives improve your efficiency and enable to stay compliant. Mostly considered as a burden rather than an asset, archives represent an added value to your business.


Cette nouvelle loi reconnaît la valeur probante des copies électroniques de documents papier, dont elle autorise donc la destruction, et instaure le statut de PSDC (Prestataire de Services de Dématérialisation ou de Conservation). Les archives électroniques créées et conservées par une entreprise certifiée PSDC, bénéficient de la valeur légale d’original”.

This new law acknowledges the probative value of electronic copies of paper documents that therefore allows their destruction, and creates the PSDC status (Dematerialisation and Archiving Service Provider). The electronic archives, created and maintained by a certified company, benefit from the same legal value as the original document.

Plus d’informations ici


La théorie des trois âges des archives est une notion fondamentale de la gestion du cycle de vie des archives. Chaque archive depuis sa création jusqu’à la détermination de son sort final (destruction ou conservation) traverse ces périodes : les archives courantes, les archives intermédiaires et les archives définitives.

The Three Ages Theory is a fundamental notion enabling the management of the lifecycle of archives. Every archive from its creation to determination of its end (destruction or retention) goes through those periods:  active, semi-active, inactive.

La gestion des archives courantes et intermédiaires :

  • Optimisation de la circulation des archives,
  • Organisation des procédures de recherche et de mise à disposition,
  • Gestion des accès et de l’authenticité,
  • Sécurisation de la destruction

La gestion des archives définitives :

  • Décrire les archives et les fonds selon des normes archivistiques,
  • Assurer la conservation à long terme pour les archives sur support physique et électronique,
  • Gérer la confidentialité et la communicabilité.

Manage their active and intermediate archives:

  • Optimization of the information’s circulation,
  • Organization of the searching and display of procedures,
  • Management of the access and authenticity,
  • Secured destruction,

Manage definitive archives:

  • To describe archives and funds according to archival standards,
  • Assure long term preservation both paper and electronic,
  • Transparency and confidentiality.


Plus d’informations ici


Plus d’informations ici

Copyright © 2016 Lab Luxembourg SA, All rights reserved.

Executives Say Less Than 10 Percent of Business Processes will Rely on Paper by 2018, Xerox study

Xerox study shows the digital enterprise is on the horizon but there’s more talk than action. (survey of 600 IT decision-makers in large North American and Western European organisations.)

The “Digitisation at Work” report from Xerox shows the move from paper to digital processes is nearly upon us but many survey respondents admit they may not be ready for it.

The report found broad concern over paper-based processes, with cost (42 percent) and security (42 percent) cited as primary issues. Survey respondents predicted an average of only nine percent of key business operation processes will run on paper in the next two years.

For further information about the study, we invite you to download the press release.