""

PASSI certification: the Synacktiv case

Top News10/20/2020
Renaud FEIL, president and co-founder of Synacktiv, has answered a few questions about his experience in obtaining the qualification Prestataires d'Audit de la Sécurité des Systèmes d'Information (PASSI). Here are his answers.


Synacktiv has just been awarded PASSI qualification following various audits carried out by LSTI. As President and co-founder of Synacktiv, what are your thoughts on the qualification process?

The qualification process is a demanding one. It required intense preparation, despite Synacktiv's 8 years of experience in security audits. This audit reminds us that there is a difference between "doing a good job" and being able to demonstrate to a third party that our processes ensure a systematic level of quality. Furthermore, the audit verifies contractual, legal and regulatory aspects that are rarely documented in small specialist companies like ours.

How does this qualification benefit your customers?

It demonstrates a certain consistency in the way we carry out our audits. Even if I don't think that the penetration testing profession is destined to become "industrialized", as the skills and flair of each individual auditor cannot be completely encapsulated in a qualification...

Above all, this enables our OIV (Opérateurs d'Importance Vitale) customers to have us intervene on the most sensitive perimeters without falling foul of regulations.

How did the written exams and interviews go?

As far as the written exams are concerned, some of the questions could do with a little updating to bring them into line with the latest technologies encountered by our customers, but overall they remain highly relevant (and it's true that old technologies are still being used in the field!) For the oral, we found it interesting to challenge the candidates on the errors they had noted during the written exam.

Generally speaking, it's always unsettling for an auditor with several years' experience to find himself being audited by a peer! But the 12 candidates we presented were all selected to become PASSI auditors. For a security expert who continues to carry out security audits on a regular basis, there are few surprises in the exam results.

What's your next step?

We will be taking steps to become PASSI LPM (Loi de Programmation Militaire). Every effort has already been made, and it will (I hope) only be a formality to demonstrate our credibility on the market.

Synacktiv joins the list of PASSI-qualified French companies, which you can find on our Certified Customers search engine.

Focus on ISO/CEI 27001

Focus on ISO/CEI 27001

Why choose LSTI?

1

Recognized expertise

With over twenty years' experience, LSTI supports more than 300 organizations in France and Europe as a certification body and benchmark assessment center in the fields of cybersecurity, digital trust and information security.assessment center, in the fields of cybersecurity, digital trust and information security.
2

Specialized auditors

Our teams of auditors are made up of experienced professionals who are fully conversant with the ANSSI's cybersecurity standards, information security management practices and European digital trust frameworks.curity standards, information security management practices and European digital trust frameworks. Their approach guarantees assessments that are demanding, balanced and adapted to the operational contexts of each organization.
3

Independent third party and dedicated support

Authorized by ANSSI, LSTI guarantees impartiality, transparency and consistency throughout the entire cycle: preparation, audits, monitoring and renewals. A dedicated contact ensures continuity and clarity throughout the certification process.

Discover our news