Security compliance
Ensure that your information privacy and security is aligned with
risks, standards, baselines, regulations and laws applicable
to your organisation
  • Information security audits and penetration testing

    "Find vulnerabilities in your information system before hackers do"

    Information security compliance has become a challenge for every organisation.
    Beyond the traditional technically-oriented risk and security assessments, an ever-increasing number of standards, regulations and laws must be taken into account by the Information Security Management. For example:

    • ISO 2700x, PCI-DSS, Basel II&III, SOX, HIPAA, GLBA...
    • EU's data protection directive and its proposed revisions
    • The laws "Informatique et libertés" and "pour la confiance dans l'économie numérique" (LCEN) in France
    • The new US Securities and Exchange Commission's guidance on intellectual property and data privacy

    Devoteam security audit team's unparalleled skills and experience are your best assets to overcome these challenges.

  • Many customers have trusted Devoteam through annual contracts to perform information security audits

    For the sake of confidentiality, these customers' names cannot be publicly disclosed.
    Examples of security audits regularly performed by our team:

    • Trading application platform audit (penetration testing and technical compliance of server configuration with best practices)
    • Recurrent code review and light pentest for trading application on SmartPhone and iPad
    • Web Application "grey box" testing
    • Datacentre Infrastructure analysis (ISO 27002 coverage)
    • Penetration testing in a PCI-DSS context

    The Security Compliance team also performs security awareness and training through the design and the delivery of customised modules (e-learning, training courses, events, video, case studies, goodies, etc.).

Case studies
  • Devoteam helped Docapost DPS to achieve the renewal of an international security certification for their Dematerialization Department
    Docapost Document Process Solutions (DPS) is a subsidiary of the French company La Poste that is number one in France to provide a complete panel of solutions to manage the dematerialization of papers or to monitor and archive digital documents.
  • Steering a French Bank transformation project in order to comply with Basel III requirements
    Basel III established a new set of global standards for capital adequacy and liquidity for banking organisations. Although principally aimed at banks, these standards apply to certain other types of financial institutions as well (e.g. EU investment firms). The Basel Committee on Banking Supervision developed Basel III to supplement and, in certain respects, replace the Basel II standards. The core elements of Basel III were finalized at the international level in 2010.
At a glance
    • A valuable return on experience acquired through meaningful compliance and audit references, with more than 1580 security audits of all types carried out since the creation of the team, and more than 150 audits in 2012
    • A team of 25 auditors dedicated to security audit activity
    • A methodology based on international standards:
      • ISO27001-27002: The majority of team members are “Lead Auditor” certified
      • OSSTM
      • OWASP
      • PCI DSS 2.0
    • A security watch team and a CERT ( that guarantees the exhaustiveness of our controls
  • Risk Management
    An effective risk governance allows businesses to be at the forefront of their strategic opportunities by adapting their business models to the market
  • Governance & Architecture
    Assist our customers to design asset security
  • Security compliance
    Ensure that your information privacy and security is aligned with risks, standards, baselines, regulations and laws applicable to your organisation
  • Business Continuity Plan
    Between legal compliance and operational insurance, business continuity is a standard for good governance today
  • Security Services
    Balancing safety, design and implementation while ensuring the success of complex projects.