====== Nothing2Hide audit framework ======

Although Nothing2Hide uses a classic audit framework, what sets our approach apart is that the recommendations phase integrates a tool adapted to civil society organisations: [[https://usesoap.app/|usesoap.app]].

===== Phase 1 - Preparation =====

  * Definition of the scope of the audit
  * Construction and validation of the audit reference framework (identification of documentary resources, identification of players and people to be approached as part of the audit, etc.)
  * Drawing up the work programme and validating the organisation of the assignment

===== Phase 2 - Investigation =====

  * Interviews, testing and analysis:
    * audit of premises
    * audit of the internal network
    * audit of online services
    * audit of equipment and devices in place
    * interviews with teams to understand work processes
  * Detection of vulnerabilities
  * Assessment of risks and their severity

===== Phase 3 - Security recommendations =====

  * Drawing up recommendations and validating them with the partner
  * Drawing up a security policy using the usesoap tool and validating it with the partner

===== Phase 4 - Implementation and monitoring of security projects =====

  * Feedback: presentation of the security policy
  * Organisation of team training:
    * identifying threats and how to deal with them
    * use of security tools and procedures
  * Setting up long-term monitoring