Organizational IT security audit

Organizational audit:
ensuring security measures are in place

What is an organizational audit?

The organizational IT security audit provides you with a macro view of your information system's security compared to the state of the art through a comprehensive review of your entity/structure's processes.

The objective of the audit is to ensure that the necessary security measures have been put in place to protect your critical assets/information.


Why conduct an organizational audit?
  • To give you a security inventory;
  • To identify the gaps between your practices and the state of the art of security measures, from an organizational and technical point of view;
  • To help guide you in securing your information systems through a roadmap.

Our methodology


We carry out the organizational IT security audit against reference frameworks (the ISO 27002 standard), the state of the art, and the information security good practices written by ANSSI.

Our consultants take into account the 3 pillars of information systems, "People/Process/Technology" and perform the following steps:

  • Interview, information and documentation gathering: interviews with the different stakeholders of the company including the process managers (Management, purchasing / CFO, CIO, administrators, developers...) to determine the essential elements to be protected, the organization and operation, ...
  • Document analysis: review of existing documents relating to the information systems, including written processes, the review of backups, business continuity and disaster recovery plans (BCP/DRP), access policies, patch management, operating procedures, etc.
  • Identification and evaluation of security needs: our consultant will establish the gaps with the good practices. He will carry out an assessment of the cost (human, financial, time) versus the gain in security of each measure to better guide you and allow you to prioritize the actions to be taken. Examples of points verified :
    • Compliance of processes and security measures implemented (are the processes well established, controlled and effective?)
    • Distribution of responsibilities
    • Employee awareness of cyber risks
    • Security level of technical implementations (with regard to the documentation provided or following the interviews conducted)
    • Physical security of servers
  • Audit report writing and delivery of the deliverable: our consultant discusses the conclusions and recommendations of this organizational audit with you to ensure you fully understand the assessment.
  • Deliverable and exchanges: our consultant discusses the conclusions and recommendations of this organizational audit with you to ensure you fully understand the assessment.

Our added value:

  • Our technical rigor: we base our organizational audit on the same standards as the compliance audit, namely the ISO 27002 standard, and on the state of the art in cybersecurity.
  • Our experience in organizational and compliance audits.
  • Our pragmatism: we deliver a roadmap tailored to your context and security needs to allow you to prioritize your actions.
  • Our plurality of internal skills that allows us to provide quality deliverables.

