Complete security audits with penetration testing, infrastructure analysis, and actionable recommendations. Identify vulnerabilities before attackers do.
Ethical hacking to find real vulnerabilities
Complete review of your security posture
NIS2, DORA, ISO 27001 compliance
Actionable recommendations and remediation plans
SOC 2 Type I and Type II audit for your service compliance.

**Scope:**
- Trust Services Criteria (TSC)
- Security, Availability, Integrity
- Confidentiality, Privacy
- Organizational controls

**Deliverables:**
- Initial gap analysis
- Remediation plan
- SOC 2 report
- CPA attestation

**For:** SaaS, Cloud providers, B2B services
Contact us to discuss your security audit needs and get a comprehensive evaluation of your infrastructure.
Complete SOC 2 certification support.

**Process:**
1. Initial assessment
2. Control design
3. Implementation
4. Readiness audit
5. Final CPA audit

**Included:**
- Policy and procedure templates
- Monitoring tools
- Team training
- Support until certification
ISO 27001 compliance audit to assess your Information Security Management System (ISMS) and identify gaps before certification.
PCI DSS audit for card payment compliance.

**Levels:**
- Level 1: >6M transactions/year (QSA required)
- Levels 2-4: SAQ applicable

**Services:**
- Scoping and flow analysis
- Audit of 12 PCI DSS 4.0 requirements
- Quarterly ASV scan
- Annual penetration tests
- Compliance report (ROC/AOC)

**For:** E-commerce, PSP, banks, retail
Expert PCI DSS consulting. Continuous or ad-hoc support.

**Services:**
- PCI scope reduction (tokenization, segmentation)
- PCI DSS 4.0 compliance
- QSA audit preparation
- Post-audit remediation
- PCI Council regulatory watch

**Modes:**
- Day rate
- Monthly subscription
- Full mission
IT controls audit for Sarbanes-Oxley compliance.

**Scope:**
- IT General Controls (ITGC)
- Application Controls
- Segregation of Duties
- Change Management
- Access Controls

**Deliverables:**
- Control matrix
- Effectiveness testing
- Deficiency report
- Remediation plan

**For:** US-listed companies, French subsidiaries of US groups
NIS2 compliance audit for essential and important entities.

**Assessment:**
- NIS2 applicability
- Article 21 gap analysis
- Risk management maturity
- Detection/response capabilities
- Governance and reporting

**Deliverables:**
- NIS2 compliance report
- Compliance roadmap
- Monitoring indicators

**For:** Energy, transport, health, digital, essential services
DORA resilience audit for the financial sector.

**Assessment:**
- ICT risk management framework
- Resilience testing (TLPT)
- Critical ICT third-party management
- Incident reporting capabilities
- Cyber information sharing

**Deliverables:**
- DORA maturity report
- Resilience testing plan
- ICT third-party register

**For:** Financial institutions and ICT providers
Comprehensive GDPR compliance audit to assess your personal data processing practices and build an action plan towards compliance.
Comprehensive audit of your information system to identify vulnerabilities, assess risks and define a security action plan tailored to your context.
Cyber risk assessment and quantification.

**Methodology:**
- Critical asset identification
- Threat analysis (MITRE ATT&CK)
- Vulnerability assessment
- Financial impact calculation
- Risk prioritization

**Deliverables:**
- Risk register
- Risk heat map
- Financial quantification (FAIR)
- Treatment plan
Vulnerability identification and classification.

**Scope:**
- Infrastructure (network, servers)
- Web applications and APIs
- Cloud (AWS, Azure, GCP)
- Workstations
- IoT and OT

**Tools:**
- Nessus, Qualys scanners
- OWASP ZAP, Burp Suite
- Custom scripts

**Deliverables:**
- CVSS vulnerability report
- Risk-based prioritization
- Remediation recommendations
Cloud environment security audit.

**Coverage:**
- AWS: IAM, VPC, S3, KMS, CloudTrail
- Azure: Entra ID, NSG, Key Vault
- GCP: IAM, VPC, Cloud KMS
- Multi-cloud and hybrid

**Checks:**
- Cloud CIS Benchmarks
- Provider best practices
- Compliance (SOC2, ISO)

**Deliverables:**
- CIS Benchmark report
- Critical misconfigurations
- Cloud remediation plan
Active Directory security audit, on-premises and Azure AD.

**Analysis:**
- AD and GPO configuration
- Privileged accounts (Tier Model)
- Kerberos and delegation
- Attack paths (BloodHound)
- Azure AD / Entra ID sync

**Tools:**
- PingCastle
- BloodHound
- Purple Knight

**Deliverables:**
- PingCastle score
- Critical attack paths
- AD hardening plan
AI practices audit and EU AI Act compliance.

**Assessment:**
- AI systems inventory
- EU AI Act risk classification
- Documentation and transparency
- Bias and algorithmic fairness
- ML model security

**Deliverables:**
- AI registry
- EU AI Act gap analysis
- Ethics recommendations
- AI governance framework