passi security audit

The qualification of information systems security audit service providers (PASSI) is part of the the general security regulations (RGS) of the National Cybersecurity Agency of France (ANSSI).

It is aimed at all types of companies that carry out technical audits for themselves or on behalf of their clients.

There are 5 technical audits:

  • physical and organisation audit
  • architecture audit
  • configuration audit
  • penetration test
  • code audit

The provider can choose the operations that they wish to see qualified.

The qualification confirms the provider’s respect of:

  • contractual aspects, legislation, regulations and impartiality;
  • protection of information (at restricted circulation level);
  • quality and safety requirements of its audit process
  • the competence of its auditors for its qualified operations

The first two requirements are verified during an on-site audit and third by passing written and oral examinations.

The qualification is issued by LSTI for three years, subject to the completion of a surveillance audit at 18 months following the initial qualification or renewal. Auditors must also pass written and oral exams every 3 years.

Qualified providers are on the LSTI list as well as the ANSSI list .

For more information or to receive a quote, please contact Armelle Trotin on 02 72 88 12 45 or by email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Print Email