In the event of a security incident, our Rapid Response Force is available 24/7. 

Audit the configuration of your equipment and products

The configuration audit provides a comprehensive analysis of the configurations of market products and solutions used by our customers. We analyze the consequences of non-conformities and determine priority remediation actions to optimize our customers’ efforts.

Contact us


Poor security configurations are 5th in the OWASP 2021 Top 10 – a global reference ranking the most frequently encountered vulnerability categories.
OWASP 2021

Using a third-party product is essential, but don’t ignore its configuration!

Using an off-the-shelf product rather than developing it yourself, moving to the Cloud rather than maintaining an On-Prem infrastructure, integrating a third-party brick at the heart of a business application… there are many good reasons for our customers to use third-party solutions. Yet few of them are aware that configuring third-party solutions is often their responsibility.

Highlighting bad configurations that have an impact


Easy configuration extraction

We have developed our own tool for extracting target configurations without installation, with code visibility for administrator review, and including encryption of results for transit to the auditor.

A default, modular audit grid

Our solution integrates several repository sources (CIS, ANSSI…) and can integrate repositories specific to your company.

Risk-oriented results

Risk assessment for each non-conformity is essential. Our aim is to advise our customers on priority actions.

A competent team on a human scale

Formind, a PASSI-qualified company

Formind has been qualified PASSI RGS audit provider by ANSSI since January 2019, and on all 5 scopes since 2021. Each of our services benefits from PASSI procedures and expertise, particularly regarding customer data confidentiality.

A pragmatic analysis

With security repositories containing hundreds of criteria, it’s easy to get lost in information. Our team’s experienced eye can identify what’s important and optimize correction efforts.

Over 70 technologies

Our team has already carried out configuration audits on over 70 technologies and versions. We capitalize on repositories and automate as we go along, to make each mission more efficient.

Our customer references

Business sector: Energy

Configuration audit of operating systems, middleware and applications on 400 critical servers.

All sectors combined

Frequently requested by our customers, this service enables us to assess the level of security of these services, which have become central to many companies.

Business sector: Energy

Configuration audit of the group’s critical operating systems and databases


How often should I consider carrying out a configuration audit on my equipment and products?

The frequency depends on various factors, such as changes in infrastructure. In general, it is recommended to perform them regularly, especially after major upgrades or modifications to your IT environment.

How does a configuration audit work, and how long does it usually take?

A configuration audit involves an in-depth analysis of your system parameters. The duration depends on the size and complexity of your infrastructure but can vary from a few days to a few weeks. Our aim is to ensure a thorough assessment without compromising quality.

What are the main vulnerabilities that a configuration audit can identify?

A configuration audit can identify various vulnerabilities, such as incorrectly configured parameters, excessive authorizations, too large an exposure surface, and other weak points that could be exploited by attackers.

How do I know if my company needs a configuration audit?

If your company has recently undergone major changes to its infrastructure, implemented new technologies, or if you want to proactively strengthen your security, a configuration audit is highly recommended.

What are the consequences of neglecting a configuration audit?

Neglecting a configuration audit exposes your company to increased security risks. Incorrect configurations can be exploited by cybercriminals, resulting in data breaches, service disruptions and even significant financial damage.

Let's stay in touch

Our experts can provide you with ongoing support for your cyber issues. Do you have a question? You’ve come to the right place, and we’ll get back to you within 24 hours!

Contact us