What is a SUBCONTRACTOR COMPLIANCE AUDIT?
Security is above all a question of means and processes, but also of clear and transparent information for customers. It is essential to be very demanding of your subcontractor (your hosting provider, for example) in terms of security, availability and operating conditions.
The purpose of such an audit is not to certify compliance with a particular standard. The objective is to evaluate the state of your subcontractor's information systems security organization with respect to technical and regulatory standards, and also with respect to the contract that binds it to your organization. In other words, what is its "cyber maturity" with regard to the work performed on your behalf? The audit must show, with the help of evidence, how the operational reality corresponds to what was signed between you and your subcontractor, and that it fully meets your security needs, including data protection aspects.
After a documentary analysis (Information System Security Policy, Quality Assurance Plan, Security Assurance Plan, Backup Plan, etc.), interviews and on-site evidence checks of the subcontractor are conducted.