Organizational and physical audit
During organizational and physical audits, the Synetis auditor will carry out an analysis of the policies and procedures defined by your firm in order to verify their compliance with the security needs you express. Naturally, Synetis can help you define these needs.
In a first phase, a document analysis is carried out, then completed by interviews with the employees concerned. Lastly, technical samples may be taken in order to obtain audit evidence.
Above and beyond IT intrusions, hackers are now able to carry out physical intrusions, directly affecting the heart of their victims’ information systems. From ID cloning to lockpicking, attackers have an offensive arsenal at their disposal that can put corporate security systems to the test.
Of note is that Organizational and Physical audits include an on-site audit to verify the procedures and their correct application. Synetis auditors can also carry out physical intrusion tests to simulate an attacker’s point of view as realistically as possible.
The audit methodology will follow the ISO 27002 standard as well as the ANSSI recommendations.
The first phase consists in analyzing the documentation relating to the physical security implemented, following which we run technical tests under Black Box (user without access) and then Gray Box (standard employee access) conditions.