Although Nothing2Hide uses a classic audit framework, what sets our approach apart is that the recommendations phase integrates a tool designed for civil society organisations: usesoap.app.
Phase 1 - Preparation
Definition of the scope of the audit
Construction and validation of the audit reference framework (identification of documentary resources, identification of the stakeholders and people to be approached as part of the audit, etc.).
Drawing up the work programme and validating the organisation of the assignment.
Phase 2 - Investigation
Interviews, testing and analysis:
audit of premises
audit of the internal network
audit of online services
audit of equipment and devices in place
interviews with teams to understand work processes
Detection of vulnerabilities
Assessment of risks and their severity
Phase 3 - Security recommendations
Drawing up recommendations and validating them with the partner
Drawing up a security policy using the usesoap tool and validating it with the partner
Phase 4 - Implementation and monitoring of security projects