Audit & assessment (PASSI)

Our PASSI-qualified auditors assess the security posture of your information systems: penetration testing, configuration reviews, architecture audits and organisational audit.

Audit & assessment

PASSI-qualified audits, across four scopes.

Brightway is a PASSI RGS audit provider qualified by ANSSI. Every engagement results in a detailed, actionable report compliant with your supervisory authorities' requirements. Our auditors cover four scopes issued by ANSSI.

ANSSI qualification

Our 4 PASSI scopes.

Organisational & physical audit

Assessment of policies, procedures and physical security controls. Analysis of governance, risk management and business continuity.

Architecture audit

Review of technical choices, network flows and segmentation. Identification of gaps against ANSSI frameworks and sector good practice.

Configuration audit

Analysis of system, network, application and exposed-service configurations. Review of permissions, hardening policies and applied patches.

Penetration testing (pentest)

Targeted attack simulations (black-box, grey-box, white-box) on your web applications, internal networks, cloud infrastructure and industrial systems (OT/ICS).

Methodology

Our approach in four steps.

  1. Scoping

    Definition of scope, objectives and the level of knowledge of the audited system. Engagement agreement and authorisations signed.

  2. Reconnaissance & collection

    Asset mapping, passive and active analysis depending on scope. Identification of exposure surfaces.

  3. Testing & exploitation

    Vulnerability identification, controlled exploitation attempts, privilege escalation and lateral movement within agreed limits.

  4. Report & debrief

    Detailed report: executive summary, CVSS-rated vulnerability sheets, prioritised recommendations and remediation plan. Presentation to technical teams and executives.

Frameworks

The frameworks we master.

  • PASSI ANSSI
  • NIS2
  • ISO 27001
  • GDPR
  • DORA
  • PGSSI-S
  • RGS
  • SecNumCloud
  • HDS
  • PCI-DSS
  • OWASP Top 10
  • OWASP API Security

Ready to strengthen your cyber posture?

Our experts assess your situation and propose an action plan tailored to your challenges.