The first step towards securing its data is the knowledge of its information system, weaknesses, vulnerabilities, threats around it and risks to these shortcomings.

Knowledge of the Information System inevitably involves an auditof all or part of it, by means of:

• Organizational audit
• Process auditing
• Compliance audit (to Security Policy and/or to regulation)
• Technical audit of infrastructures
• Technical audit of network and application security (source code audit, internal / external penetration test, etc.)
• Employee maturity audit

Brightway is now PASSI qualified (Information Systems Security Audit Service Provider) on 4 scopes:

• Organizational and physical audit
• Architecture Audit
• Setup Audit
• Penetration testing