"We considered that we had to be able to pay our employees. That's the heart of our responsibility; there is no room for compromise there." - Guillaume Peslin
Operational resilience is no longer a theoretical exercise. For organizations handling critical payment flows, the question is no longer if a disruption will happen, but how teams will continue operating when it does.
We spoke with Guillaume Peslin – Head of Treasury Middle Office and IT systems at ELIOR GROUP. He shared how the team moved from fragmented contingency thinking to a structured, group-level resilience approach, and how Astran became a key enabler in securing critical payment processes under crisis conditions.
From day one, the team framed the challenge in operational terms: what happens if internal and external systems go down and Elior cannot execute payments or meet deadlines? The risk felt concrete, especially with prior cyber incidents in the wider ecosystem; “we know attackers are around.”
The first step was a structured diagnostic with external providers: mapping processes, ranking criticality, and assessing impacts and vulnerabilities. The triage quickly made priorities obvious: payroll became non-negotiable.
The team's biggest concern wasn't only system downtime, it was losing control of data and execution. In a crisis, they needed to keep operating while preserving strict criteria: availability, integrity, confidentiality, and proof/traceability.
“We needed a way to exchange and use data confidentially,” Guillaume explains, “to continue working as if we were using internal tools, and not exposed to the outside world.”
Astran stood out for enabling secure continuity while supporting those criteria end-to-end. Trust also came from governance: the security leadership already knew Astran, and the solution was validated at group level. “IT signed the contract, not Treasury. That was essential; it had to be a group solution, not a local workaround.”
Implementation focused on making continuity executable with limited people and limited tools. In Astran, the Treasury team used already-processed files as a trusted base, ensuring that payroll teams could read, adjust, validate, and hand back data to the team for reinjection into the payment chain.
They also designed for partial failure: depending on what remained available, execution could happen via banking communication tools or directly through web-banking.
The group intentionally avoids relying on a single bank and instead prepared to use the web-banking platforms of key partners. Access and responsibilities is tightly controlled, with only a small number of trained individuals able to perform critical steps, ensuring speed, clarity, and traceability when pressure is highest.
This journey shows a shift from contingency thinking to operational confidence. By structuring priorities, securing the data chain, and designing for real-world constraints, the organization is building the ability to stay in control during disruption, and to keep critical payments moving when it matters most.