Security Audits & Penetration Testing
Complete security audits with penetration testing, infrastructure analysis, and actionable recommendations. Identify vulnerabilities before attackers do.
Why choose our audits?
Penetration Testing
Ethical hacking to find real vulnerabilities
Infrastructure Analysis
Complete review of your security posture
Compliance Checks
NIS2, DORA, ISO 27001 compliance
Detailed Reports
Actionable recommendations and remediation plans
Our Audit Services
SOC 2 Compliance Audit
SOC 2 Type I and Type II audit for your service compliance.

**Scope:**
- Trust Services Criteria (TSC)
- Security, Availability, Integrity
- Confidentiality, Privacy
- Organizational controls

**Deliverables:**
- Initial gap analysis
- Remediation plan
- SOC 2 report
- CPA attestation

**For:** SaaS, Cloud providers, B2B services
SOC 2 Certification
Complete SOC 2 certification support.

**Process:**
1. Initial assessment
2. Control design
3. Implementation
4. Readiness audit
5. Final CPA audit

**Included:**
- Policy and procedure templates
- Monitoring tools
- Team training
- Support until certification
ISO 27001 Audit
ISO 27001 compliance audit to assess your Information Security Management System (ISMS) and identify gaps before certification.
PCI DSS Audit
PCI DSS audit for card payment compliance.

**Levels:**
- Level 1: >6M transactions/year (QSA required)
- Levels 2-4: SAQ applicable

**Services:**
- Scoping and flow analysis
- Audit of 12 PCI DSS 4.0 requirements
- Quarterly ASV scan
- Annual penetration tests
- Compliance report (ROC/AOC)

**For:** E-commerce, PSP, banks, retail
PCI DSS Consultant
Expert PCI DSS consulting. Continuous or ad-hoc support.

**Services:**
- PCI scope reduction (tokenization, segmentation)
- PCI DSS 4.0 compliance
- QSA audit preparation
- Post-audit remediation
- PCI Council regulatory watch

**Modes:**
- Day rate
- Monthly subscription
- Full mission
SOX IT Audit
IT controls audit for Sarbanes-Oxley compliance.

**Scope:**
- IT General Controls (ITGC)
- Application Controls
- Segregation of Duties
- Change Management
- Access Controls

**Deliverables:**
- Control matrix
- Effectiveness testing
- Deficiency report
- Remediation plan

**For:** US-listed companies, French subsidiaries of US groups
NIS2 Compliance Audit
NIS2 compliance audit for essential and important entities.

**Assessment:**
- NIS2 applicability
- Article 21 gap analysis
- Risk management maturity
- Detection/response capabilities
- Governance and reporting

**Deliverables:**
- NIS2 compliance report
- Compliance roadmap
- Monitoring indicators

**For:** Energy, transport, health, digital, essential services
DORA Resilience Audit
DORA resilience audit for the financial sector.

**Assessment:**
- ICT risk management framework
- Resilience testing (TLPT)
- Critical ICT third-party management
- Incident reporting capabilities
- Cyber information sharing

**Deliverables:**
- DORA maturity report
- Resilience testing plan
- ICT third-party register

**For:** Financial institutions and ICT providers
GDPR Compliance Audit
Comprehensive GDPR compliance audit to assess your personal data processing practices and build an action plan towards compliance.
Cybersecurity Audit
Comprehensive audit of your information system to identify vulnerabilities, assess risks and define a security action plan tailored to your context.
Cyber Risk Assessment
Cyber risk assessment and quantification.

**Methodology:**
- Critical asset identification
- Threat analysis (MITRE ATT&CK)
- Vulnerability assessment
- Financial impact calculation
- Risk prioritization

**Deliverables:**
- Risk register
- Risk heat map
- Financial quantification (FAIR)
- Treatment plan
Vulnerability Assessment
Vulnerability identification and classification.

**Scope:**
- Infrastructure (network, servers)
- Web applications and APIs
- Cloud (AWS, Azure, GCP)
- Workstations
- IoT and OT

**Tools:**
- Nessus, Qualys scanners
- OWASP ZAP, Burp Suite
- Custom scripts

**Deliverables:**
- CVSS vulnerability report
- Risk-based prioritization
- Remediation recommendations
Cloud Security Audit
Cloud environment security audit.

**Coverage:**
- AWS: IAM, VPC, S3, KMS, CloudTrail
- Azure: Entra ID, NSG, Key Vault
- GCP: IAM, VPC, Cloud KMS
- Multi-cloud and hybrid

**Checks:**
- Cloud CIS Benchmarks
- Provider best practices
- Compliance (SOC2, ISO)

**Deliverables:**
- CIS Benchmark report
- Critical misconfigurations
- Cloud remediation plan
Active Directory Security Assessment
Security audit of Active Directory, on-premises and Azure AD.

**Analysis:**
- AD and GPO configuration
- Privileged accounts (Tier Model)
- Kerberos and delegation
- Attack paths (BloodHound)
- Azure AD / Entra ID sync

**Tools:**
- PingCastle
- BloodHound
- Purple Knight

**Deliverables:**
- PingCastle score
- Critical attack paths
- AD hardening plan
AI Governance Audit
AI practices audit and EU AI Act compliance.

**Assessment:**
- AI systems inventory
- EU AI Act risk classification
- Documentation and transparency
- Bias and algorithmic fairness
- ML model security

**Deliverables:**
- AI registry
- EU AI Act gap analysis
- Ethics recommendations
- AI governance framework
Need a security assessment?
Contact us to discuss your security audit needs and get a comprehensive evaluation of your infrastructure.
Request an audit