Organizational IT security audit

Organizational audit:
ensuring security measures are in place

What is an organizational audit?

The organizational IT security audit provides you with a macro view of your information system's security compared to the state of the art through a comprehensive review of your entity/structure's processes.

The objective of the audit is to ensure that the necessary security measures have been put in place to protect your essential assets and information.


Why perform an organizational audit?

  • To take an inventory of your security;
  • To identify the gaps between your practices and the state of the art of security measures, from an organizational and technical point of view;
  • To guide you in securing your information systems through a roadmap.

Our methodology

We carry out the organizational IT security audit against reference frameworks (the ISO 27002 standard), the state of the art, and the information systems security good practices written by ANSSI.

Our consultants take into account the 3 pillars of information systems, "People/Process/Technology" and perform the following steps:

  • Interview, information and documentation gathering: interviews with the different stakeholders of the company including the process managers (Management, purchasing / CFO, CIO, administrators, developers...) to determine the essential elements to be protected, the organization and operation, ...
  • Document analysis: review of existing documents relating to the information systems, including written processes, the review of backups, business continuity and disaster recovery plans (PCA/PRA), access policies, patch management, operating procedures, etc.
  • Identification and evaluation of security needs: our consultant will establish the gaps with good practices. He will assess the cost (human, financial, time) versus the gain in security of each measure to better guide you and allow you to prioritize the actions to be taken. Examples of points verified:
    • Compliance of processes and security measures implemented (are the processes well established, controlled and effective?)
    • Distribution of responsibilities
    • Employee awareness of cyber risks
    • Security level of technical implementations (with regard to the documentation provided or following the interviews conducted)
    • Physical security of servers
  • Audit report writing and delivery of the deliverable: our consultant discusses with you the conclusions and recommendations of this organizational audit to ensure you fully understand the assessment.
  • Deliverable and exchanges: our consultant discusses with you the conclusions and recommendations of this organizational audit to ensure you fully understand the assessment.

Our added value:

  • Our technical requirement: we base our organizational audit on the same standards as the compliance audit, namely the ISO 27002 standard, and on the state of the art in cybersecurity.
  • Our experience in organizational and compliance audits.
  • Our pragmatism: we deliver a roadmap tailored to your context and security needs to allow you to prioritize your actions.
  • Our plurality of internal skills that allows us to provide quality deliverables.
