It is aimed at all types of companies that carry out technical audits for themselves or on behalf of their clients.
There are 5 technical audits:
- physical and organisation audit
- architecture audit
- configuration audit
- penetration test
- code audit
The provider can choose the operations that they wish to see qualified.
The qualification confirms the provider’s respect of:
- contractual aspects, legislation, regulations and impartiality;
- protection of information (at restricted circulation level);
- quality and safety requirements of its audit process
- the competence of its auditors for its qualified operations
The first two requirements are verified during an on-site audit and third by passing written and oral examinations.
The qualification is issued by LSTI for three years, subject to the completion of a surveillance audit at 18 months following the initial qualification or renewal. Auditors must also pass written and oral exams every 3 years.