Nothing2Hide audit framework

Although Nothing2Hide uses a classic audit framework, what sets our approach apart is that the recommendations phase integrates a tool adapted to civil society organisations: usesoap.app.

  • Definition of the scope of the audit
  • Construction and validation of the audit reference framework (identification of documentary resources, identification of players and people to be approached as part of the audit, etc.).
  • Drawing up the work programme and validating the organisation of the assignment.
  • Interviews, testing and analysis:
    • audit of premises
    • audit of the internal network
    • audit of online services
    • audit of equipment and devices in place
    • interviews with teams to understand work processes
  • Detection of vulnerabilities
  • Assessment of risks and their severity
  • Drawing up recommendations and validating them with the partner
  • Drawing up a security policy using the usesoap tool and validating it with the partner
  • Feedback: presentation of the security policy
  • Organisation of team training
    • identifying threats and how to deal with them
    • use of security tools and procedures
  • Setting up long-term monitoring