logo

PASSI Élevé LPM Qualified Audit

The PASSI qualification security visa is the French State's recommendation of cybersecurity services proven and approved by ANSSI. Adacis is qualified PASSI Élevé LPM by ANSSI to audit sensitive systems, notably those of OIV (operators of vital importance), to the most demanding standards.

Faced with digital risks, the security visas issued by ANSSI make it possible to identify security solutions that are reliable and recognized as such following an assessment carried out by accredited laboratories, according to a rigorous and proven methodology. It is essential to note that each auditor holds their own PASSI qualification specific to their area of expertise.

This recognition strengthens confidence in the skills and capabilities of auditors in information systems security. This qualification is the result of over 20 years of experience and expertise in information security, and the commitment of our entire team.

Learn more about PASSISee our certificate
img

Regulatory audits

Our different PASSI-qualified audit scopes

image

Penetration Testing Audit

The principle of penetration testing is to discover vulnerabilities in the audited information system and verify their exploitability and impact, under the real-world conditions of an attack on the information system, standing in for a potential attacker.

image

Architecture Audit

The architecture audit verifies compliance of security practices relating to the selection, positioning and implementation of hardware and software deployed in an information system, against the state of the art and the audited party's internal requirements and rules.

image

Organizational and Physical Audit

The audit of logical and physical security organization aims to ensure compliance with the security policies and procedures defined by the audited party, to ensure the operational and security maintenance of an application, and that they properly complement the technical measures in place.

image

Configuration Audit

The configuration audit aims to verify the implementation of security practices compliant with the state of the art and the audited party's internal requirements and rules regarding the configuration of hardware and software deployed in an information system.

How an audit unfolds

01

Appointing an audit manager

• An audit manager and an audit team are appointed after the initial sales contact. The audit manager is your main point of contact throughout the audit.

02

Drafting an audit agreement

• An audit agreement is drafted by ADACIS in line with your objectives, context and needs, guaranteeing compliance with the PASSI qualification and the mission's objectives.

03

Establishing contact

• Before the audit begins, a kickoff meeting brings together all parties involved to introduce themselves and establish contact with you and the audited teams. We will in particular ask to review your documentation and speak with your staff.

04

Vulnerability research

• The audit spans two to three weeks, alternating between on-site and off-site work, to better understand your IT architecture, documentation and specific requirements, and where needed to build proof-of-concept exploits to demonstrate vulnerabilities.
Auditors follow a defined methodology for each activity, including interviews, configuration reviews and penetration tests within an agreed scope, while avoiding denial of service.

05

Reporting and disclosure of vulnerabilities

• On the last day of the audit, a hot debrief meeting communicates the critical or major vulnerabilities identified. In the case of critical vulnerabilities in particular, you will be notified immediately at any point during the audit.

06

Explaining the results

• After the audit report is delivered, a closing meeting finalizes the audit engagement, shares the conclusions, and explains the results in detail. All documents held by ADACIS are then destroyed or returned.

Auditors and expertise

Each of our auditors holds their own personal PASSI qualification, and also holds additional certifications depending on their own area of expertise:
• OSCP (Penetration testing)
• ISO 27001
• ISO 27005
• EBIOS Risk Manager

As well as technical certifications.
The diversity of ADACIS's PASSI auditors provides different perspectives. The diversity of audit activities and ADACIS auditor profiles provides, during an audit, multiple perspectives on an organization's security level

img
img

An independent and ethical audit

Taking part in audits can be a sensitive moment for teams and organizations. That is why the human qualities of ADACIS auditors are also assessed.

The values of ADACIS's PASSI auditors are as follows:
• Ethics
• Impartiality
• Professionalism
• Confidentiality
• Independence
• Evidence

Simply put, an audit is not there to pass judgment; it is a governance tool that highlights strengths and sheds light on vulnerabilities that could jeopardize an organization's mission, or even its viability.
An audit helps ensure the continuous improvement of organizations or management systems — you always keep control over which solutions to implement.

Audit quality for everyone

Security is everyone's business, so ADACIS also offers packages for small and mid-sized businesses. PASSI know-how is not reserved for large groups — an SME like ADACIS brings its professionalism, ethics, confidentiality and other third-party-recognized qualities within your reach, without the obligation to bear the constraints of a PASSI audit.

img
img

The cost of a PASSI audit

The cost of an audit depends on many factors:
• The scope, such as the size of the IT system or the number of assets;
• The number of auditors involved;
• The audit activities;
• Whether the audit is performed remotely or on-site.
Auditor billing is per day (man-day) and is detailed in a quote that will be sent to you.

ADACIS's human scale and its location in Nouvelle-Aquitaine allow us to deliver quality audits to organizations of any size. Furthermore, our clients operate at a national and international scale, and we remain mobile.