Architecture audit

An architecture audit is a standardized process, which combines the verification of technical and organizational aspects of an IS in terms of their compliance with the state of the art and applicable requirements. The positioning of security and infrastructure equipment, its implementation, administration and all IS interconnections are assessed against best practices defined by recognized organizations such as ANSSI.

50 %

Half of the most common non-conformities on Information Systems are linked to their architecture and administration methods.
CISA 2023

Assess the security of an Information System through its topology, infrastructure equipment and administration practices.

 

Our technical auditors, specialized in information systems architecture, rely on documentation, interviews with IS managers and the collection of technical data to draw up an up-to-date, exhaustive map of the scope under study.

This mapping is based on the study of Technical Architecture Documents (DAT), flow and rights matrices, equipment administration procedures, IT service contracts and any other element that lets our auditors identify all the assets making up the Information System under study.

They compare it with the requirements standards chosen by our customers, whether these are:

– internal: Information System Security Policy, Security Assurance Plan;

– regulatory: LPM (Military Planning Law), PSSIE/A (State or Army Information Systems Security Policy), HDS (Health Data Hosting System);

– best practices established by recognized organizations: ANSSI, GCHQ, BSI, etc.

They then identify gaps in a report and draw up a remediation plan, helping our customers to identify the priority measures to be implemented to protect their Information Systems.

The different scopes and objectives of an architecture audit

Simple architecture audit

A comprehensive audit covering all aspects of Information Systems security, the simple architecture audit is based on reference frameworks such as the ANSSI’s “Guide d’Hygiène Informatique”. Suitable for small and medium-sized businesses, it enables us to assess the level of compliance of a small IS in relation to the state of the art, and to provide advice tailored to the customer’s maturity.

Regulatory architecture audit

Carried out by our experienced, senior auditors, regulatory architecture audits are necessary for the qualification of service providers (ISO27001/27002), for the approval of Vital Importance Information Systems (LPM, PASSI), or for checking the compliance of remote sites (secure sites, for example).

The granularity of findings is high, and audit activities are generally combined with other scopes.

Cloud architecture audit

Adapted to Information Systems partially or completely hosted in the cloud, these architecture audits are based on the security recommendations of suppliers such as Microsoft or Google on their solutions, as well as those of reference organizations such as ANSSI.

These audits enable our customers to ensure the cybersecurity compliance of their hybrid or full-cloud infrastructures.

Rapidly increase your visibility of compliance across your entire information system

A cross-functional vision of IS security

Based on existing documentation and interviews with key stakeholders in IS management and administration, the architecture audit provides a rapid assessment of the chosen scope’s overall level of compliance with cybersecurity best practices.

A clear, prioritized remediation plan

Through a report detailing the findings and recommendations adapted to the company’s context, the architecture audit enables us to define a concrete action plan, which can be used to bring the audited IS into compliance, or to define new architecture standards.

A tailored, modular offering

The architecture audit proposal can be adapted according to the size of the IS, the criticality of the assets within the scope, and the security objectives, but also in relation to the expected granularity or regulatory constraints (certification, for example).

Our customer references

Business sector: Economic development

Mission description:

  • Audit of Exchange infrastructure architecture
  • Complex architecture audit
  • Technical configuration audit
  • Provide a security roadmap for this critical infrastructure.
  • Environment: Exchange Server Edge and Mailbox, Office Online Server, DNS, Windows Server

Business sector: Luxury

Mission description:

  • Active Directory architecture audit
  • Architecture audit through 3 interviews with tier-0 administrators
  • Environment: Active Directory, Redforest, Microsoft Tier model, secure administration, report in English

Business sector: Banking

Mission description:

  • Audit of remote meter reading application architecture
  • Creation of an audit grid, 4 interviews with security, infrastructure and R&D teams, France
  • Environment: Jenkins, Bitbucket, Jira, Nexus, Crowd, Confluence, Sonarqube, Artifactory, Bamboo

FAQ

Why should I carry out a cybersecurity architecture audit?

Performing a cybersecurity architecture audit is crucial to assessing the robustness and effectiveness of an organization's IT infrastructures. This helps to identify potential vulnerabilities, prevent security breaches and ensure that sensitive data is properly identified and protected. By understanding any gaps in the architecture, you can strengthen your system's resilience in the face of growing threats.

How does the cybersecurity architecture audit contribute to compliance?

Cybersecurity architecture audits play a crucial role in ensuring compliance with cybersecurity regulations and standards. By assessing your architecture's compliance with standards such as ISO 27001, GDPR, or other industry-specific regulations, you can ensure that your organization meets legal requirements for data protection and IT security.
It is also essential to carry out an architecture audit as part of a certification process (OSE, OIV, sensitive systems).

What are the long-term benefits of a cybersecurity architecture audit?

Investing in a cybersecurity architecture audit offers long-term benefits by strengthening your organization's resilience against cyber threats. This helps maintain the trust of customers and partners, and reduces the financial risks associated with data breaches. What's more, by identifying opportunities for continuous improvement, the audit fosters a proactive and sustainable cybersecurity culture within the organization.
