A security audit
is one of the best ways to determine the security level of an organization's information as well as its physical accessibility and safety in order to avoid the cost and other associated damages of an incident.
Security audits generally consist of two subjects: information technology (or logical) security and physical security.
- Logical security audits focus on the safety of data exchange, the back-ups, archiving, firewalls and network element. More in-depth security audits foresee vulnerability scans, penetration test. Logical security addresses also the key management of the encrypted data.
- Physical audits focus on access control, logs, surveillance camera availability and efficiency, computer room security and in-place business continuity systems.
Regarding the systems of reference, ELITT's approach is based on ISO 27001 security techniques, information security management as well as on the Information Technology Infrastructure Library (ITIL) and, more recently, the Payment Card Industry Data Security System (PCI DSS).
ELITT is certified for the provision of the following audit services:
- ISO 27001 - Information Security Management System (ISMS) standard
- Référence Générale de Sécurité (RGS) - Standard related to electronic exchanges between users and administration authorities in France