Audit

Architecture audit

The architecture audit checks the design consistency of an information system with regard to its security objectives. The auditors assess the relevance and compliance of the technological choices from the point of view of the DICT (Availability, Integrity, Confidentiality and Traceability) in relation to the state of the art, the applicable requirements and the ANSSI guides. The SEC-IT audit team identifies potential weaknesses and makes recommendations that are consistent with the company's business needs and constraints.

Checkpoints include:

Flow partitioning
Segregation of critical services
Hardening of technical components (network, system, middleware, applications and endpoints)
System sizing and performance
Management of system administration, privileged rights
Backup, logs and secure archives
Business continuity and disaster recovery

Configuration audit

We control the application of secure configuration standards for:

LAN, Wifi, SDWan networks
On-premise servers: AD, messaging, databases, file sharing, OS hardening
Cloud tenants: Azure, AWS, O365 (Exchange Online, SharePoint, Teams)

Organizational Audit

This audit makes it possible to assess the deviations, vulnerabilities, non-conformities of the company and its cyber security practices in relation to:

Regulations (ex: NIS, DORA, GDPR)
Normative standards (ex: ISO 27001/27002, ISAE 3402) or security frameworks (ex: NIST)
Specific B2B requirements raised by the clients of our clients, or going to their providers

This audit also responds to:

The need of improvement the IS security management processes
The improvement of the management system (ISMS), for example as part of a Plan-Do-Check-Act (PDCA) cycle

Subcontracting audit

Mastering the supply chain is a major challenge for data security. We carry out the audit of critical suppliers according to the reference system in force in the company: Information policies, customer's contractual requirements, international standards.